Improving Internet Security Through Social Information and Social Comparison: A Field Quasi-Experiment
Cybersecurity is a national priority in this big data era. Because of negative externalities and the resulting lack of economic incentives, companies often underinvest in security controls, despite government and industry recommendations. Although many existing studies on security have explored tech...
Saved in:
Main Authors: | , , , |
---|---|
Format: | text |
Language: | English |
Published: |
Institutional Knowledge at Singapore Management University
2013
|
Subjects: | |
Online Access: | https://ink.library.smu.edu.sg/sis_research/2566 https://ink.library.smu.edu.sg/context/sis_research/article/3566/viewcontent/TangWEIS2013.pdf |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Singapore Management University |
Language: | English |
id |
sg-smu-ink.sis_research-3566 |
---|---|
record_format |
dspace |
spelling |
sg-smu-ink.sis_research-35662020-01-07T07:59:00Z Improving Internet Security Through Social Information and Social Comparison: A Field Quasi-Experiment TANG, Qian LINDEN, Leigh L. QUARTERMAN, John S. WHINSTON, Andrew B. Cybersecurity is a national priority in this big data era. Because of negative externalities and the resulting lack of economic incentives, companies often underinvest in security controls, despite government and industry recommendations. Although many existing studies on security have explored technical solutions, only a few have looked at the economic motivations. To fill the gap, we propose an approach to increase the incentives of organizations to address security problems. Specifically, we utilize and process existing security vulnerability data, derive explicit security performance information, and disclose the information as feedback to organizations and the public. We regularly release information on the organizations with the worst security behaviors, imposing reputation loss on them. The information is also used by organizations for self-evaluation in comparison to others. Therefore, additional incentives are solicited out of reputation concern and social comparison. To test the effectiveness of our approach, we conducted a field quasi-experiment for outgoing spam for 1,718 autonomous systems in eight countries and published SpamRankings.net, the website we created to release information. We found that the treatment group subject to information disclosure reduced outgoing spam approximately by 16%. We also found that the more observed outgoing spam from the top spammer, the less likely an organization would be to reduce its own outgoing spam, consistent with the prediction by social comparison theory. Our results suggest that social information and social comparison can be effectively leveraged to encourage desirable behavior. Our study contributes to both information architecture design and public policy by suggesting how information can be used as intervention to impose economic incentives. 2013-06-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/2566 https://ink.library.smu.edu.sg/context/sis_research/article/3566/viewcontent/TangWEIS2013.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Internet Security externality social comparison information disclosure quasi-experiment reputation economic incentive Computer Sciences Information Security |
institution |
Singapore Management University |
building |
SMU Libraries |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
SMU Libraries |
collection |
InK@SMU |
language |
English |
topic |
Internet Security externality social comparison information disclosure quasi-experiment reputation economic incentive Computer Sciences Information Security |
spellingShingle |
Internet Security externality social comparison information disclosure quasi-experiment reputation economic incentive Computer Sciences Information Security TANG, Qian LINDEN, Leigh L. QUARTERMAN, John S. WHINSTON, Andrew B. Improving Internet Security Through Social Information and Social Comparison: A Field Quasi-Experiment |
description |
Cybersecurity is a national priority in this big data era. Because of negative externalities and the resulting lack of economic incentives, companies often underinvest in security controls, despite government and industry recommendations. Although many existing studies on security have explored technical solutions, only a few have looked at the economic motivations. To fill the gap, we propose an approach to increase the incentives of organizations to address security problems. Specifically, we utilize and process existing security vulnerability data, derive explicit security performance information, and disclose the information as feedback to organizations and the public. We regularly release information on the organizations with the worst security behaviors, imposing reputation loss on them. The information is also used by organizations for self-evaluation in comparison to others. Therefore, additional incentives are solicited out of reputation concern and social comparison. To test the effectiveness of our approach, we conducted a field quasi-experiment for outgoing spam for 1,718 autonomous systems in eight countries and published SpamRankings.net, the website we created to release information. We found that the treatment group subject to information disclosure reduced outgoing spam approximately by 16%. We also found that the more observed outgoing spam from the top spammer, the less likely an organization would be to reduce its own outgoing spam, consistent with the prediction by social comparison theory. Our results suggest that social information and social comparison can be effectively leveraged to encourage desirable behavior. Our study contributes to both information architecture design and public policy by suggesting how information can be used as intervention to impose economic incentives. |
format |
text |
author |
TANG, Qian LINDEN, Leigh L. QUARTERMAN, John S. WHINSTON, Andrew B. |
author_facet |
TANG, Qian LINDEN, Leigh L. QUARTERMAN, John S. WHINSTON, Andrew B. |
author_sort |
TANG, Qian |
title |
Improving Internet Security Through Social Information and Social Comparison: A Field Quasi-Experiment |
title_short |
Improving Internet Security Through Social Information and Social Comparison: A Field Quasi-Experiment |
title_full |
Improving Internet Security Through Social Information and Social Comparison: A Field Quasi-Experiment |
title_fullStr |
Improving Internet Security Through Social Information and Social Comparison: A Field Quasi-Experiment |
title_full_unstemmed |
Improving Internet Security Through Social Information and Social Comparison: A Field Quasi-Experiment |
title_sort |
improving internet security through social information and social comparison: a field quasi-experiment |
publisher |
Institutional Knowledge at Singapore Management University |
publishDate |
2013 |
url |
https://ink.library.smu.edu.sg/sis_research/2566 https://ink.library.smu.edu.sg/context/sis_research/article/3566/viewcontent/TangWEIS2013.pdf |
_version_ |
1770572520114618368 |