IDEAS home Printed from https://ideas.repec.org/a/eee/proeco/v182y2016icp519-530.html
   My bibliography  Save this article

An economic model to evaluate information security investment of risk-taking small and medium enterprises

Author

Listed:
  • Mayadunne, Sanjaya
  • Park, Sungjune

Abstract

This paper analyzes information security investment decisions made by risk taking small and medium enterprises (SMEs) using the expected utility approach. It then compares these decisions to ones made by a risk neutral firm. We find that risk takers are inclined to prioritize an information set's vulnerability over its value when making investment decisions. We also find that a risk taking firm may invest a larger amount in protecting a set than the risk neutral firm when the effectiveness of the investment in lowering breach probability is low. Finally, we show that for a group of information sets of equal value and varying vulnerabilities, the risk neutral decision maker will diversify security investment to a greater extent than the risk taker. As a result, the risk taker will invest a larger amount than the risk neutral firm would when protecting the high risk sets in the group. The results provide guidance to information security vendors when tailoring products to suit small businesses.

Suggested Citation

  • Mayadunne, Sanjaya & Park, Sungjune, 2016. "An economic model to evaluate information security investment of risk-taking small and medium enterprises," International Journal of Production Economics, Elsevier, vol. 182(C), pages 519-530.
    • Handle: RePEc:eee:proeco:v:182:y:2016:i:c:p:519-530
    DOI: 10.1016/j.ijpe.2016.09.018
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S092552731630250X
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ijpe.2016.09.018?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Huang, C. Derrick & Behara, Ravi S., 2013. "Economics of information security investment in the case of concurrent heterogeneous attacks with budget constraints," International Journal of Production Economics, Elsevier, vol. 141(1), pages 255-268.
    2. Dan J. Laughhunn & John W. Payne & Roy Crum, 1980. "Managerial Risk Preferences for Below-Target Returns," Management Science, INFORMS, vol. 26(12), pages 1238-1249, December.
    3. Daniel Kahneman & Amos Tversky, 2013. "Prospect Theory: An Analysis of Decision Under Risk," World Scientific Book Chapters, in: Leonard C MacLean & William T Ziemba (ed.), HANDBOOK OF THE FUNDAMENTALS OF FINANCIAL DECISION MAKING Part I, chapter 6, pages 99-127, World Scientific Publishing Co. Pte. Ltd..
    4. Derrick Huang, C. & Hu, Qing & Behara, Ravi S., 2008. "An economic analysis of the optimal information security investment in the case of a risk-averse firm," International Journal of Production Economics, Elsevier, vol. 114(2), pages 793-804, August.
    5. Kjell Hausken, 2006. "Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability," Information Systems Frontiers, Springer, vol. 8(5), pages 338-349, December.
    6. Zahra, Shaker A. & Covin, Jeffrey G., 1995. "Contextual influences on the corporate entrepreneurship-performance relationship: A longitudinal analysis," Journal of Business Venturing, Elsevier, vol. 10(1), pages 43-58, January.
    7. Wang, Nan, 2007. "Optimal investment for an insurer with exponential utility preference," Insurance: Mathematics and Economics, Elsevier, vol. 40(1), pages 77-84, January.
    8. Palich, Leslie E. & Ray Bagby, D., 1995. "Using cognitive theory to explain entrepreneurial risk-taking: Challenging conventional wisdom," Journal of Business Venturing, Elsevier, vol. 10(6), pages 425-438, November.
    9. VASILESCU Ion, 2009. "Assessment and self-assessment of project manager," Economia. Seria Management, Faculty of Management, Academy of Economic Studies, Bucharest, Romania, vol. 12(2), pages 133-138, December.
    10. Xin Chen & Melvyn Sim & David Simchi-Levi & Peng Sun, 2007. "Risk Aversion in Inventory Management," Operations Research, INFORMS, vol. 55(5), pages 828-842, October.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Alessandro Mazzoccoli, 2023. "Optimal Cyber Security Investment in a Mixed Risk Management Framework: Examining the Role of Cyber Insurance and Expenditure Analysis," Risks, MDPI, vol. 11(9), pages 1-14, August.
    2. Margareta Heidt & Jin P. Gerlach & Peter Buxmann, 2019. "Investigating the Security Divide between SME and Large Companies: How SME Characteristics Influence Organizational IT Security Investments," Information Systems Frontiers, Springer, vol. 21(6), pages 1285-1305, December.
    3. Hallová, M. & Polakovič, P. & Virágh, R. & Slováková, I., 2017. "Information Security and Risk Analysis in Companies of Agriresort," AGRIS on-line Papers in Economics and Informatics, Czech University of Life Sciences Prague, Faculty of Economics and Management, vol. 9(1), March.
    4. Yuhua Li & Xiheng Gong & Jingyi Zhang & Ziwei Xiang & Chengjun Liao, 2022. "The Impact of Mobile Payment on Household Poverty Vulnerability: A Study Based on CHFS2017 in China," IJERPH, MDPI, vol. 19(21), pages 1-20, October.
    5. Xiaotong Li & Qianyao Xue, 2021. "An economic analysis of information security investment decision making for substitutable enterprises," Managerial and Decision Economics, John Wiley & Sons, Ltd., vol. 42(5), pages 1306-1316, July.
    6. Mazaher Kianpour & Stewart J. Kowalski & Harald Øverby, 2021. "Systematically Understanding Cybersecurity Economics: A Survey," Sustainability, MDPI, vol. 13(24), pages 1-28, December.
    7. Alessandro Mazzoccoli & Maurizio Naldi, 2022. "An Overview of Security Breach Probability Models," Risks, MDPI, vol. 10(11), pages 1-29, November.
    8. Weizhou Su & Gaowen Lei & Sidai Guo & Hongche Dan, 2022. "Study on the Influence Mechanism of Environmental Management System Certification on Enterprise Green Innovation," IJERPH, MDPI, vol. 19(19), pages 1-20, September.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Lu Xu & Yanhui Li & Jing Fu, 2019. "Cybersecurity Investment Allocation for a Multi-Branch Firm: Modeling and Optimization," Mathematics, MDPI, vol. 7(7), pages 1-20, July.
    2. Xiaofei Qian & Xinbao Liu & Jun Pei & Panos M. Pardalos & Lin Liu, 2017. "A game-theoretic analysis of information security investment for multiple firms in a network," Journal of the Operational Research Society, Palgrave Macmillan;The OR Society, vol. 68(10), pages 1290-1305, October.
    3. Xing Gao & Weijun Zhong, 2015. "Information security investment for competitive firms with hacker behavior and security requirements," Annals of Operations Research, Springer, vol. 235(1), pages 277-300, December.
    4. Yosra Miaoui & Noureddine Boudriga, 2019. "Enterprise security investment through time when facing different types of vulnerabilities," Information Systems Frontiers, Springer, vol. 21(2), pages 261-300, April.
    5. Xiaofei Qian & Jun Pei & Xinbao Liu & Mi Zhou & Panos M. Pardalos, 2019. "Information security decisions for two firms in a market with different types of customers," Journal of Combinatorial Optimization, Springer, vol. 38(4), pages 1263-1285, November.
    6. Yosra Miaoui & Noureddine Boudriga, 0. "Enterprise security investment through time when facing different types of vulnerabilities," Information Systems Frontiers, Springer, vol. 0, pages 1-40.
    7. T. K. Das & Bing-Sheng Teng, 1998. "Time and Entrepreneurial Risk Behavior," Entrepreneurship Theory and Practice, , vol. 22(2), pages 69-88, January.
    8. Mazaher Kianpour & Stewart J. Kowalski & Harald Øverby, 2021. "Systematically Understanding Cybersecurity Economics: A Survey," Sustainability, MDPI, vol. 13(24), pages 1-28, December.
    9. Robert A. Olsen, 1997. "Prospect theory as an explanation of risky choice by professional investors: Some evidence," Review of Financial Economics, John Wiley & Sons, vol. 6(2), pages 225-232.
    10. Michael Sheppard, 2020. "The relationship between discretionary slack and growth in small firms," International Entrepreneurship and Management Journal, Springer, vol. 16(1), pages 195-219, March.
    11. Dan K. Hsu & Johan Wiklund & Richard D. Cotton, 2017. "Success, Failure, and Entrepreneurial Reentry: An Experimental Assessment of the Veracity of Self–Efficacy and Prospect Theory," Entrepreneurship Theory and Practice, , vol. 41(1), pages 19-47, January.
    12. Basu, Anup K. & Drew, Michael E., 2010. "The appropriateness of default investment options in defined contribution plans: Australian evidence," Pacific-Basin Finance Journal, Elsevier, vol. 18(3), pages 290-305, June.
    13. Maria Claudia Angel Ferrero & Véronique Bessière, 2016. "From Lab to Venture: Cognitive Factors Influencing Researchers' Decision to Start a Venture," Journal of Enterprising Culture (JEC), World Scientific Publishing Co. Pte. Ltd., vol. 24(02), pages 101-131, June.
    14. Sandri, Serena & Schade, Christian & Mußhoff, Oliver & Odening, Martin, 2010. "Holding on for too long? An experimental study on inertia in entrepreneurs' and non-entrepreneurs' disinvestment choices," Journal of Economic Behavior & Organization, Elsevier, vol. 76(1), pages 30-44, October.
    15. Gian Seloni & Sri Kusrohmaniah & Galang Lufityanto, 2023. "The perils of acting rashly: Risk-taking propensity impeding emotion-based learning in entrepreneurs [Les dangers de l’audace: La propension à prendre des risques entrave l’apprentissage basé sur l," Journal of International Entrepreneurship, Springer, vol. 21(1), pages 89-110, March.
    16. W. Wong & R. Chan, 2008. "Prospect and Markowitz stochastic dominance," Annals of Finance, Springer, vol. 4(1), pages 105-129, January.
    17. Caliendo, Marco & Fossen, Frank & Kritikos, Alexander, 2010. "The impact of risk attitudes on entrepreneurial survival," Journal of Economic Behavior & Organization, Elsevier, vol. 76(1), pages 45-63, October.
    18. Shen, Houcai & Pang, Zhan & Cheng, T.C.E., 2011. "The component procurement problem for the loss-averse manufacturer with spot purchase," International Journal of Production Economics, Elsevier, vol. 132(1), pages 146-153, July.
    19. Joseph McManus, 2018. "Hubris and Unethical Decision Making: The Tragedy of the Uncommon," Journal of Business Ethics, Springer, vol. 149(1), pages 169-185, April.
    20. Dubard Barbosa, Saulo & Fayolle, Alain & Smith, Brett R., 2019. "Biased and overconfident, unbiased but going for it: How framing and anchoring affect the decision to start a new venture," Journal of Business Venturing, Elsevier, vol. 34(3), pages 528-557.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:proeco:v:182:y:2016:i:c:p:519-530. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: http://www.elsevier.com/locate/ijpe .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.