The Internet has enabled tremendous economic and social innovation yet the underlying systems, networks and services sometimes fail miserably to protect the security of communications and data. Security incidents occur in many forms, including but not limited to the leaking and theft of private information, unauthorized access to information, malicious alteration of data, or software and service unavailability. Given the complexity of the problem, it seems improbable that security can be attained by eliminating all vulnerabilities. Moreover, preventative security measures are costly. Some level of uncertainty will therefore have to be accepted and choices need to be made, trading off competing objectives and limited resources. Recent research has developed approaches to better explain why certain security failures occur and others do not. These contributions clarified that security is not merely a technical problem that can be fixed with engineering solutions but that is also has important economic and behavioral dimensions that need to be addressed. Examining the incentives of players in the information and communication technology (ICT) ecosystem has been particularly fruitful in explaining the landscape of vulnerabilities and attacks that can be observed. The core of this work is rooted in information security economics. This chapter surveys the state of the art of the existing research with a focus on the criminal threats to cybersecurity.
You are not authenticated to view the full text of this chapter or article.
Elgaronline requires a subscription or purchase to access the full text of books or journals. Please login through your library system or with your personal username and password on the homepage.
Non-subscribers can freely search the site, view abstracts/ extracts and download selected front matter and introductory chapters for personal use.
Your library may not have purchased all subject areas. If you are authenticated and think you should have access to this title, please contact your librarian.