원문정보
초록
영어
This study expands the current body of research by exploring multiple scenarios of insufficient and excessive IT security investments caused by interdependent risks and the interplay between IT security investments and cyber insurance. A key finding is that organizations experiencing interdependent risks with different types of cyber attacks (i.e., targeted and untargeted attacks) use different strategies in making IT security investment decisions and in purchasing cyber insurance policies for their information security risk management than firms that are facing independent risks. The study further provides an economic rationale for employing insurance mechanisms as a risk management solution for information security.
목차
Ⅰ. Introduction
Ⅱ. IT Security Risks and its Management Strategies
2.1 Targeted vs. Untargeted Attacks
2.2 Self-Protection, Self-Insurance,and Cyber Insuranc2.2 Self-Protection, Self-Insurance, and Cyber Insurancee
Ⅲ. Theoretical Analysis
3.1 Investment in Self-Protection with-outa Cyber Insurance Market
3.2 Interplay between Self-Protection and Cyber Insurance
3.3 Synthesis of the Theoretical Models : Impact of Externalities on Self-Protection and Cyber Insurance
Ⅳ. Discussion and Implications
References
About the Authors