Skip to main content

Research Repository

Advanced Search

Action, Inaction, Trust, and Cybersecurity’s Common Property Problem

Elliott, K.; Massacci, F.; Williams, J.

Action, Inaction, Trust, and Cybersecurity’s Common Property Problem Thumbnail


Authors

K. Elliott

F. Massacci



Abstract

Cybersecurity tends to be viewed as a highly dynamic, continually evolving technology race between attacker and defender. However, economic theory suggests that in many cases doing "nothing" is the optimal strategy when substantial fixed adjustment costs are present. Indeed, the authors' anecdotal experience as chief information security officers indicates that uncertain costs that might be incurred by rapid adoption of security updates substantially delay the application of recommended security controls, so the industry does appear to understand this economic aspect quite well. From a policy perspective, the inherently discontinuous adjustment path taken by firms can cause difficulties in determining the most effective public policy remit and the effectiveness of any enacted policies ex post. This article summarizes this type of policy issue in relation to the contemporary cybersecurity agenda.

Citation

Elliott, K., Massacci, F., & Williams, J. (2016). Action, Inaction, Trust, and Cybersecurity’s Common Property Problem. IEEE Security and Privacy, 14(1), 82-86. https://doi.org/10.1109/msp.2016.2

Journal Article Type Article
Acceptance Date Jan 1, 2016
Online Publication Date Feb 3, 2016
Publication Date Feb 3, 2016
Deposit Date Jan 4, 2016
Publicly Available Date Mar 29, 2024
Journal IEEE Security and Privacy
Print ISSN 1540-7993
Publisher Institute of Electrical and Electronics Engineers
Peer Reviewed Peer Reviewed
Volume 14
Issue 1
Pages 82-86
DOI https://doi.org/10.1109/msp.2016.2
Public URL https://durham-repository.worktribe.com/output/1415770

Files


Accepted Journal Article (Revised version) (196 Kb)
PDF

Copyright Statement
Revised version © 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.





You might also like



Downloadable Citations