Start Date
14-12-2012 12:00 AM
Description
Cybersecurity is a national priority in this big data era. Because of the lack of incentives and the existence of negative externality, companies often underinvest in addressing security risks and accidents, despite government and industry recommendations. In the present article, we propose a method that utilizes reputation through information disclosure to motivate companies to behave pro-socially, improving their Internet security. Using outbound spam as a proxy for Internet security, we conducted a quasi-experimental field study for eight countries through SpamRankings.net. This outgoing-spam-based study shows that information disclosure on outgoing spam can help reduce outgoing spam, approximately by 16 percent. This finding suggests that information disclosure can be leveraged to encourage companies to reduce security threats. It also provides support for public policies that require mandatory reporting from organizations and offers implications for evaluating and executing such policies.
Recommended Citation
Tang, Qian; Linden, Leigh; Quarterman, John S.; and Whinston, Andrew, "Reputation as Public Policy for Internet Security: A Field Study" (2012). ICIS 2012 Proceedings. 7.
https://aisel.aisnet.org/icis2012/proceedings/ISSecurity/7
Reputation as Public Policy for Internet Security: A Field Study
Cybersecurity is a national priority in this big data era. Because of the lack of incentives and the existence of negative externality, companies often underinvest in addressing security risks and accidents, despite government and industry recommendations. In the present article, we propose a method that utilizes reputation through information disclosure to motivate companies to behave pro-socially, improving their Internet security. Using outbound spam as a proxy for Internet security, we conducted a quasi-experimental field study for eight countries through SpamRankings.net. This outgoing-spam-based study shows that information disclosure on outgoing spam can help reduce outgoing spam, approximately by 16 percent. This finding suggests that information disclosure can be leveraged to encourage companies to reduce security threats. It also provides support for public policies that require mandatory reporting from organizations and offers implications for evaluating and executing such policies.