DP17403 Cyber Risk and Security Investment

We develop a model in which firms invest in cybersecurity to protect themselves and their clients from cyber attacks. Since cyber security investment is unobservable, firms may signal their investment to attract clients. In equilibrium, firms under-invest in
cyber security. We derive testable implications for the modality of cyber attacks, the probability of a successful attack, and client fees. To raise efficiency, a regulator can impose a minimum level of security investment or legislate consumer protection that shifts the burden of cyber attacks from clients to firms. Both regulations induce firms to invest the constrained-efficient amount in cyber security.

£6.00

Citation

Ahnert, T, M Brolley, D Cimon and R Riordan (2022), ‘DP17403 Cyber Risk and Security Investment‘, CEPR Discussion Paper No. 17403. CEPR Press, Paris & London. https://cepr.org/publications/dp17403

Discussion paper

DP18497 The Effects of Price Regulation on Pharmaceutical Expenditure and Availability

2 Oct 2023

DP18497 The Effects of Price Regulation on Pharmaceutical Expenditure and Availability

DP18187 Economic Freedom in Retrospect

DP17846 Macroprudential Regulation: A Risk Management Approach