An Economics Perspective on the Sharing of Information Related to Security Breaches: Concepts and Empirical Evidence
By: William Lucyshyn, Lawrence A. Gordon, Ph.D., Martin P. Loeb, Ph.D.
Organizations have created an arsenal of technical weapons to combat computer security breaches. This arsenal includes firewalls, encryption techniques, access control mechanisms, and intrusion detection systems. Unfortunately, this arsenal has met with only limited success, as indicated by the fact that over 90% of the respondents to the 2001 survey conducted by the Computer Security Institute and Federal Bureau of Investigation had detected security breaches within the past 12 months (Power, 2001, p. 31). Further evidence of the continuing problems associated with computer security breaches is provided by the fact that Representative Stephen Horn, in his second annual report card on computer security within the federal government, gave the federal agencies an overall average grade of F (Dean 2001).