Date Posted: 2005
Full text (original)
This paper examines the incentives of private actors to invest in cybersecurity. Prior analyses have examined investments in security goods, such as locks or safes that have the characteristics of private goods. The analysis in this paper extends this analysis to examine expenditures on security goods, such as information, that have the characteristics of public goods. In contrast to the private goods case, where individual uncoordinated security expenditures can lead to an overproduction of security, the public goods case can result in the underproduction of security expenditures, and incentives to free ride. Thus, the formation of collective organizations may be necessary to facilitate the production of public security goods, and the protection of information produced by the collective organization should be a central feature of such organizations.