This paper finds that alleged cybersecurity market failures are, at a minimum, much smaller than they first appear and, consequently, that attempts to correct them through naive government regulation run the serious risk of doing more harm than good.
Some policy analysts seem willing to infer a market failure any time they observe an externality. This inference is a colossal error. Despite the close relationship between externalities and market failure, the observation of an externality is not sufficient to infer a market failure.
This paper is devoted to the rectification of this error, with specific application to cybersecurity policy. The first half of the paper presents several reasons, supported by the economic literature, why externalities are insufficient for the inference of market failure. The second half of the paper applies these arguments to areas of cybersecurity policy in which it has been claimed that markets have failed and government intervention is therefore necessary.
This paper finds that alleged cybersecurity market failures are, at a minimum, much smaller than they at first appear and, consequently, that attempts to correct them through naïve government regulation run the serious risk of doing more harm than good.
Related Content
- | Technology and Innovation Technology and Innovation
- | Data Visualizations Data Visualizations
Federal Cybersecurity Breaches Mount Despite Increased Spending
- | Technology and Innovation Technology and Innovation
- | Working Papers Working Papers
Internet Security Without Law: How Service Providers Create Order Online
- | Technology and Innovation Technology and Innovation
- | Working Papers Working Papers