IDEAS home Printed from https://ideas.repec.org/a/spr/infosf/v23y2021i3d10.1007_s10796-020-10009-4.html
   My bibliography  Save this article

Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities

Author

Listed:
  • Chenglong Zhang

    (Tianjin University)

  • Nan Feng

    (Tianjin University)

  • Jianjian Chen

    (Tianjin University)

  • Dahui Li

    (University of Minnesota Duluth)

  • Minqiang Li

    (Tianjin University)

Abstract

Firms in a close business partnership could choose to either outsource to the same or different Managed Security Service Providers (MSSPs) when making outsourcing decisions. Apart from security investments, compensation ratios, and network externalities, the firms in a close business partnership face the new challenge of correlated loss when making the outsourcing decisions. We first show that if the two firms in the business partnership outsource to the same MSSP, the security investments on the two firms are greater under positive externalities and vice versa. More importantly, we further find out that under positive externality the two firms are better off outsourcing to the same MSSP if the correlated loss level is lower (greater) than a threshold when the compensation ratios are less (greater) than 1; under negative externality the two firms are better off outsourcing to the same MSSP if the correlated loss level is lower (greater) than a threshold when the compensation ratios are greater (less) than 1. Our analytical results offer important managerial implications to firms in a close business partnership when deciding on their outsourcing strategies.

Suggested Citation

  • Chenglong Zhang & Nan Feng & Jianjian Chen & Dahui Li & Minqiang Li, 2021. "Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities," Information Systems Frontiers, Springer, vol. 23(3), pages 773-790, June.
    • Handle: RePEc:spr:infosf:v:23:y:2021:i:3:d:10.1007_s10796-020-10009-4
    DOI: 10.1007/s10796-020-10009-4
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10796-020-10009-4
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s10796-020-10009-4?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Bobby Swar & Junghoon Moon & Junyoung Oh & Cheul Rhee, 2012. "Determinants of relationship quality for IS/IT outsourcing success in public sector," Information Systems Frontiers, Springer, vol. 14(2), pages 457-475, April.
    2. Eric T. G. Wang & Terry Barron & Abraham Seidmann, 1997. "Contracting Structures for Custom Software Development: The Impacts of Informational Rents and Uncertainty on Internal Development and Outsourcing," Management Science, INFORMS, vol. 43(12), pages 1726-1744, December.
    3. Greg Fischer, 2013. "Contract Structure, Risk‐Sharing, and Investment Choice," Econometrica, Econometric Society, vol. 81(3), pages 883-939, May.
    4. Chul Ho Lee & Xianjun Geng & Srinivasan Raghunathan, 2013. "Contracting Information Security in the Presence of Double Moral Hazard," Information Systems Research, INFORMS, vol. 24(2), pages 295-311, June.
    5. Kjell Hausken, 2014. "Returns to information security investment: Endogenizing the expected loss," Information Systems Frontiers, Springer, vol. 16(2), pages 329-336, April.
    6. Esther Gal-Or & Anindya Ghose, 2005. "The Economic Incentives for Sharing Security Information," Information Systems Research, INFORMS, vol. 16(2), pages 186-208, June.
    7. Daniel Schatz & Rabih Bashroush, 2017. "Economic valuation for information security investment: a systematic literature review," Information Systems Frontiers, Springer, vol. 19(5), pages 1205-1228, October.
    8. Sagnika Sen & T. S. Raghu & Ajay Vinze, 2009. "Demand Heterogeneity in IT Infrastructure Services: Modeling and Evaluation of a Dynamic Approach to Defining Service Levels," Information Systems Research, INFORMS, vol. 20(2), pages 258-276, June.
    9. Margareta Heidt & Jin P. Gerlach & Peter Buxmann, 2019. "Investigating the Security Divide between SME and Large Companies: How SME Characteristics Influence Organizational IT Security Investments," Information Systems Frontiers, Springer, vol. 21(6), pages 1285-1305, December.
    10. Kunreuther, Howard & Heal, Geoffrey, 2003. "Interdependent Security," Journal of Risk and Uncertainty, Springer, vol. 26(2-3), pages 231-249, March-May.
    11. Daniel Schatz & Rabih Bashroush, 0. "Economic valuation for information security investment: a systematic literature review," Information Systems Frontiers, Springer, vol. 0, pages 1-24.
    12. Fischer, Gregory, 2013. "Contract structure, risk sharing and investment choice," LSE Research Online Documents on Economics 46796, London School of Economics and Political Science, LSE Library.
    13. Heidt, Margareta & Gerlach, Jin & Buxmann, Peter, 2019. "Investigating the Security Divide between SME and Large Companies: How SME Characteristics Influence Organizational IT Security Investments," Publications of Darmstadt Technical University, Institute for Business Studies (BWL) 118284, Darmstadt Technical University, Department of Business Administration, Economics and Law, Institute for Business Studies (BWL).
    14. Tawei Wang & Karthik N. Kannan & Jackie Rees Ulmer, 2013. "The Association Between the Disclosure and the Realization of Information Security Risk Factors," Information Systems Research, INFORMS, vol. 24(2), pages 201-218, June.
    15. Xing Gao & Weijun Zhong & Shue Mei, 2015. "Security investment and information sharing under an alternative security breach probability function," Information Systems Frontiers, Springer, vol. 17(2), pages 423-438, April.
    16. Debabrata Dey & Ming Fan & Conglei Zhang, 2010. "Design and Analysis of Contracts for Software Outsourcing," Information Systems Research, INFORMS, vol. 21(1), pages 93-114, March.
    17. Seungjin Whang, 1992. "Contracting for Software Development," Management Science, INFORMS, vol. 38(3), pages 307-324, March.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Yong Wu & Mengyao Xu & Dong Cheng & Tao Dai, 2022. "Information Security Strategies for Information-Sharing Firms Considering a Strategic Hacker," Decision Analysis, INFORMS, vol. 19(2), pages 99-122, June.
    2. Xing Gao & Siyu Gong, 2022. "An economic analysis of information security outsourcing with competitive firms," Managerial and Decision Economics, John Wiley & Sons, Ltd., vol. 43(7), pages 2748-2758, October.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Chenglong Zhang & Nan Feng & Jianjian Chen & Dahui Li & Minqiang Li, 0. "Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities," Information Systems Frontiers, Springer, vol. 0, pages 1-18.
    2. Chul Ho Lee & Xianjun Geng & Srinivasan Raghunathan, 2013. "Contracting Information Security in the Presence of Double Moral Hazard," Information Systems Research, INFORMS, vol. 24(2), pages 295-311, June.
    3. Yong Wu & Gengzhong Feng & Richard Y. K. Fung, 2018. "Comparison of information security decisions under different security and business environments," Journal of the Operational Research Society, Taylor & Francis Journals, vol. 69(5), pages 747-761, May.
    4. Yosra Miaoui & Noureddine Boudriga, 2019. "Enterprise security investment through time when facing different types of vulnerabilities," Information Systems Frontiers, Springer, vol. 21(2), pages 261-300, April.
    5. Yosra Miaoui & Noureddine Boudriga, 0. "Enterprise security investment through time when facing different types of vulnerabilities," Information Systems Frontiers, Springer, vol. 0, pages 1-40.
    6. Mazaher Kianpour & Stewart J. Kowalski & Harald Øverby, 2021. "Systematically Understanding Cybersecurity Economics: A Survey," Sustainability, MDPI, vol. 13(24), pages 1-28, December.
    7. Xing Gao & Weijun Zhong, 2016. "A differential game approach to security investment and information sharing in a competitive environment," IISE Transactions, Taylor & Francis Journals, vol. 48(6), pages 511-526, June.
    8. Xing Gao & Siyu Gong, 2022. "An economic analysis of information security outsourcing with competitive firms," Managerial and Decision Economics, John Wiley & Sons, Ltd., vol. 43(7), pages 2748-2758, October.
    9. Kai-Lung Hui & Ping Fan Ke & Yuxi Yao & Wei T. Yue, 2019. "Bilateral Liability-Based Contracts in Information Security Outsourcing," Information Systems Research, INFORMS, vol. 30(2), pages 411-429, June.
    10. Yong Wu & Mengyao Xu & Dong Cheng & Tao Dai, 2022. "Information Security Strategies for Information-Sharing Firms Considering a Strategic Hacker," Decision Analysis, INFORMS, vol. 19(2), pages 99-122, June.
    11. Margareta Heidt & Jin P. Gerlach & Peter Buxmann, 2019. "Investigating the Security Divide between SME and Large Companies: How SME Characteristics Influence Organizational IT Security Investments," Information Systems Frontiers, Springer, vol. 21(6), pages 1285-1305, December.
    12. Xing Gao & Weijun Zhong, 2016. "Economic incentives in security information sharing: the effects of market structures," Information Technology and Management, Springer, vol. 17(4), pages 361-377, December.
    13. Tejaswini C. Herath & Hemantha S. B. Herath & David Cullum, 2023. "An Information Security Performance Measurement Tool for Senior Managers: Balanced Scorecard Integration for Security Governance and Control Frameworks," Information Systems Frontiers, Springer, vol. 25(2), pages 681-721, April.
    14. Thorsten Beck & Patrick Behr, 2017. "Individual versus Village Lending: Evidence from Montenegro," Review of Development Economics, Wiley Blackwell, vol. 21(4), pages 67-87, November.
    15. Mingwen Yang & Varghese S. Jacob & Srinivasan Raghunathan, 2021. "Cloud Service Model’s Role in Provider and User Security Investment Incentives," Production and Operations Management, Production and Operations Management Society, vol. 30(2), pages 419-437, February.
    16. Kjell Hausken, 2017. "Security Investment, Hacking, and Information Sharing between Firms and between Hackers," Games, MDPI, vol. 8(2), pages 1-23, May.
    17. Czura, Kristina, 2015. "Do flexible repayment schedules improve the impact of microcredit?," Discussion Papers in Economics 26608, University of Munich, Department of Economics.
    18. Abderrazak Laghouag & Faiz bin Zafrah & Mohamed Rafik Noor Mohamed Qureshi & Alhussain Ali Sahli, 2024. "Eliminating Non-Value-Added Activities and Optimizing Manufacturing Processes Using Process Mining: A Stock of Challenges for Family SMEs," Sustainability, MDPI, vol. 16(4), pages 1-20, February.
    19. Pushkar Maitra & Sandip Mitra & Dilip Mookherjee & Alberto Motta & Sujata Visaria, 2014. "Helping Microfinance Fulfill its Promise: Raising Borrower Incomes through Agent-Intermediated Lending," HKUST IEMS Thought Leadership Brief Series 2015-03, HKUST Institute for Emerging Market Studies, revised Oct 2014.
    20. Bahar Rezaei & Sriram Dasu & Reza Ahmadi, 2017. "Optimal Group Size in Joint Liability Contracts," Decision Analysis, INFORMS, vol. 14(3), pages 204-225, September.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:infosf:v:23:y:2021:i:3:d:10.1007_s10796-020-10009-4. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.