Profit-Maximizing Firm Investments in Customer Information Security

When a customer interacts with a firm, extensive personal information often is gathered without the individual's knowledge. Significant risks are associated with handling this kind of information. Providing protection may reduce the risk of the loss and misuse of private information, but it imp...

Bibliographic Details
Main Authors: LEE, Yong Yick, KAUFFMAN, Robert J., SOUGSTAD, Ryan
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2011
Subjects:
Online Access: https://ink.library.smu.edu.sg/sis_research/2181
https://ink.library.smu.edu.sg/context/sis_research/article/3181/viewcontent/Profit_max_customer_security_av.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-3181
record_format dspace
spelling sg-smu-ink.sis_research-3181 2020-01-12T05:11:25Z 2011-11-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/2181 info:doi/10.1016/j.dss.2011.02.009 https://ink.library.smu.edu.sg/context/sis_research/article/3181/viewcontent/Profit_max_customer_security_av.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Customer information
Financial economics
Information security
Managerial decision-making
Operational risks
Risk management
Value-at-risk
Business
Computer Sciences
Information Security
description When a customer interacts with a firm, extensive personal information often is gathered without the individual's knowledge. Significant risks are associated with handling this kind of information. Providing protection may reduce the risk of the loss and misuse of private information, but it imposes some costs on both the firm and its customers. Nevertheless, customer information security breaches still may occur. They have several distinguishing characteristics: (1) typically it is hard to quantify monetary damages related to them; (2) customer information security breaches may be caused by intentional attacks, as well as through unintentional organizational and customer behaviors; and (3) the frequency of such incidents typically is low, although they can be very costly when they occur. As a result, predictive models and explanatory statistical analysis using historical data have not been effective. We present a profit optimization model for customer information security investments. Our approach is based on value-at-risk methods and operational risk modeling from financial economics. The main results of this work are that we: (1) provide guidance on the trade-offs between risk and return in customer information security investments; (2) define the range of efficient investments in technology-supported risk indemnification for sellers; (3) model how to handle government-dictated levels of investment versus self-regulation of investments in technology; and (4) characterize customer information security investment levels when the firm is able to pass some of its costs on to consumers. We illustrate our theoretical findings with empirical data from the Open Security Foundation, as a means of grounding our analysis and offering the reader intuition for the managerial interpretation of our theory and main results. 
The results show that we can narrow the decision set for solution providers and policy-makers based on the estimable risks and losses associated with customer information security. We also discuss the application of our approach in practice.
format text
author LEE, Yong Yick
KAUFFMAN, Robert J.
SOUGSTAD, Ryan
title Profit-Maximizing Firm Investments in Customer Information Security
publisher Institutional Knowledge at Singapore Management University
publishDate 2011