Abstract
This article develops an economic model that shows the optimal level of information security investment in the context of interdependent security risks. Using particular functional forms, the analysis shows that the relationship between the security vulnerability level and the level of optimal information security investment is affected by externalities caused by agents’ correlated security risks. This article further illustrates that these externalities make an agent invest a different fraction of the expected loss compared to security investments in the situation of independent security risks: that is, in order to maximize the expected benefits from security investments, an agent should invest a larger fraction of the expected loss from a security breach in the case of negative externalities, while an agent should spend a smaller fraction of the expected loss in the case of negative externalities.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
