Information security decisions of firms considering security risk interdependency

作者：

Highlights：

• We discuss firms’ security decisions by considering two types of risk interdependency.

• The degree of complementation and substitution lower firm’s effort level.

• Technical similarity enhances (reduces) complementary (substitutable) firm’s effort.

• We propose two incentive mechanisms to eliminate the negative effects of risk interdependency.

摘要

•We discuss firms’ security decisions by considering two types of risk interdependency.•The degree of complementation and substitution lower firm’s effort level.•Technical similarity enhances (reduces) complementary (substitutable) firm’s effort.•We propose two incentive mechanisms to eliminate the negative effects of risk interdependency.

论文关键词：Complementation,Substitution,Technical similarity,Security effort,Incentive mechanism

论文评审过程：Received 3 December 2020, Revised 13 March 2021, Accepted 1 April 2021, Available online 6 April 2021, Version of Record 23 April 2021.

论文官网地址：https://doi.org/10.1016/j.eswa.2021.114990