IDEAS home Printed from https://ideas.repec.org/p/oec/stiaaa/2008-1-en.html
   My bibliography  Save this paper

Economics of Malware: Security Decisions, Incentives and Externalities

Author

Listed:
  • Michel J. G. van Eeten

    (Delft University of Technology)

  • Johannes M. Bauer

    (Michigan State University)

Abstract

Malicious software, or malware for short, has become a critical security threat to all who rely on the Internet for their daily business, whether they are large organisations or home users. While originating in criminal behaviour, the magnitude and impact of the malware threat are also influenced by the decisions and behaviour of legitimate market players such as Internet Service Providers (ISPs), software vendors, e-commerce companies, hardware manufacturers, registrars and, last but not least, end users. This working paper reports on qualitative empirical research into the incentives of market players when dealing with malware. The results indicate a number of market-based incentive mechanisms that contribute to enhanced security but also other instances in which decentralised actions may lead to sub-optimal outcomes - i.e. where significant externalities emerge. Economie du “Malware” : décisions de sécurité, incitations et externalités Les logiciels malveillants, ou "malware", sont devenus une menace sérieuse pour tout ceux dont les activités quotidiennes reposent sur l‘utilisation d‘Internet, qu‘il s‘agisse de grandes organisations ou de particuliers. Bien qu‘elle trouve sa source dans un comportement criminel, l‘étendue et les conséquences de cette menace sont également influencées par les décisions et les comportements d‘acteurs légitimes du marché tels que les fournisseurs d‘accès Internet, vendeurs de logiciels, entreprises de commerce électronique, fabricants de matériel informatique et registres, sans oublier les utilisateurs finals. Ce document reflète le contenu d‘une recherche qualitative et empirique concernant les incitations des acteurs du marché lorsqu‘ils sont confrontés au malware. Les résultats indiquent qu‘il existe des incitations fondées sur le marché qui contribuent à augmenter la sécurité mais également des cas dans lesquels des actions décentralisées peuvent conduire à des résultats sous-optimaux, i.e. où des externalités significatives émergent.

Suggested Citation

  • Michel J. G. van Eeten & Johannes M. Bauer, 2008. "Economics of Malware: Security Decisions, Incentives and Externalities," OECD Science, Technology and Industry Working Papers 2008/1, OECD Publishing.
    • Handle: RePEc:oec:stiaaa:2008/1-en
    DOI: 10.1787/241440230621
    as

    Download full text from publisher

    File URL: https://doi.org/10.1787/241440230621
    Download Restriction: no
    File URL: https://libkey.io/10.1787/241440230621?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Milton L Mueller & Wolter Lemstra, 2011. "Liberalization and the Internet," Chapters, in: Matthias Finger & Rolf W. Künneke (ed.), International Handbook of Network Industries, chapter 9, Edward Elgar Publishing.
    2. Schneider, Friedrich, 2017. "Restricting or Abolishing Cash: An Effective Instrument for Fighting the Shadow Economy, Crime and Terrorism?," International Cash Conference 2017 – War on Cash: Is there a Future for Cash? 162914, Deutsche Bundesbank.
    3. Johnston, Reuben & Sarkani, Shahryar & Mazzuchi, Thomas & Holzer, Thomas & Eveleigh, Timothy, 2019. "Bayesian-model averaging using MCMCBayes for web-browser vulnerability discovery," Reliability Engineering and System Safety, Elsevier, vol. 183(C), pages 341-359.
    4. Andrew Fielder & Sandra König & Emmanouil Panaousis & Stefan Schauer & Stefan Rass, 2018. "Risk Assessment Uncertainties in Cybersecurity Investments," Games, MDPI, vol. 9(2), pages 1-14, June.
    5. Schmidt, Andreas, 2012. "At the boundaries of peer production: The organization of Internet security production in the cases of Estonia 2007 and Conficker," Telecommunications Policy, Elsevier, vol. 36(6), pages 451-461.
    6. Kox, Henk L.M., 2013. "Cybersecurity in the perspective of Internet traffic growth," MPRA Paper 47883, University Library of Munich, Germany.
    7. Carlos Martí Sempere, 2011. "A Survey of the European Security Market," Economics of Security Working Paper Series 43, DIW Berlin, German Institute for Economic Research.
    8. Moore, Tyler, 2010. "The economics of cybersecurity: Principles and policy options," International Journal of Critical Infrastructure Protection, Elsevier, vol. 3(3), pages 103-117.

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:oec:stiaaa:2008/1-en. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: the person in charge (email available below). General contact details of provider: https://edirc.repec.org/data/scoecfr.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.