JIS  Vol.7 No.5 , October 2016
Cybersecurity: Integrating Information into the Microeconomics of the Consumer and the Firm
Abstract: The connectivity of information has changed many things but not the way economists model consumers, firms and government. Information is here newly modeled as a fundamental element of microeconomic choices and utility, cost and tax functions. The results are more clearly defined metrics for losses due to cyber breaches or productivity gains from cyber investments. The integration of information into standard microeconomics also allows use of econometric and other tools to analyze the empirics of the consumer and the firm. In particular, the results identify ways in which losses in the Gordon and Loeb [1] model can be specified in more detail.
Cite this paper: Farrow, S. (2016) Cybersecurity: Integrating Information into the Microeconomics of the Consumer and the Firm. Journal of Information Security, 7, 281-290. doi: 10.4236/jis.2016.75023.

[1]   Gordon, L. and Loeb, M. (2002) The Economics of Information Security Investment. ACM Transactions on Information and System Security, 5, 438-457.

[2]   Bikhchandani, S., Hirshleifer, J. and Riley, J.G. (2013) The Analytics of Uncertainty and Information. 2nd Edition, Cambridge University Press, Cambridge.

[3]   Rogerson, R., Shimer, R. and Wright, R. (2005) Search-Theoretic Models of the Labor Market: A Survey. Journal of Economic Literature, 959-988.

[4]   Farrow, S. and Szanton, J. (2016) Cybersecurity Investment Guidance: Extensions of the Gordon and Loeb Model. Journal of Information Security, 7, 15-28.

[5]   Gordon, L., Loeb, M., Lucyshyn, W. and Zhou, L. (2015) Externalities and the Magnitude of Cyber Security Underinvestment by Private Sector Firms: A Modification of the Gordon-Loeb Model. Journal of Information Security, 6, 24-30.

[6]   Levinson, D. (2002) Encyclopedia of Crime and Punishment. Vol I, Sage Publications.

[7]   Anderson, R., Barton, C., Boehme, R., Clayton, R., van Eeten, M., Levi, M., Moore, T. and Savage, S. (2012) Measuring the Cost of Cyber Crime. Workshop in the Economics of Information Security (WEIS).

[8]   Undercofer, J., Joshi, A. and Pinkson, J. (2003) Modeling Computer Attacks: An Ontology for Intrusion Detection. Proceedings of the Sixth International Symposium on Recent Advances in Intrusion Detection.

[9]   Detica and the Office of Cyber Security and Information Assurance (2011) The Cost of Cybercrime, February.

[10]   Becker, G. (1965) A Theory of the Allocation of Time. Economic Journal, 75, 493-517.

[11]   Gronau, R. and Hammermesh, D. (2006) Time vs. Goods: The Value of Measuring Household Production Technologies. Review of Income and Wealth, 52, 1-16.

[12]   Campbell, K., Gordon, L.A., Loeb, M. and Zhou, L. (2003) The Economic Cost of Publicly Announced Information Security Breaches: Empirical Evidence from the Stock Market. Journal of Computer Security, 11, 431-448.

[13]   Eeckhoudt, L., Gollier, C. and Schlesinger, H. (2005) Economic and Financial Decisions Under Risk. Princeton University Press, Princeton.

[14]   Clemen, R.T. and Reilley, T. (2001) Making Hard Decisions. Duxbury Press, Belmont.

[15]   Keeney, R.L. and Raiffa, H. (1976) Decision Making with Multiple Objectives Preferences and Value Tradeoffs. Wiley, New York.

[16]   Della Vigna, S. (2009) Psychology and Economics: Evidence from the Field. Journal of Economic Literature, 47, 315-372.

[17]   Farrow, S. and Scott, M. (2013) Comparing Multi-State Expected Damages, Option Price and Cumulative Prospect Measures for Valuing Flood Protection. Water Resources Research, 49, 2638-2648.

[18]   Wakker, P. (2010) Prospect Theory for Risk and Ambiguity. Cambridge University Press, Cambridge.