
Bilateral Liability-Based Contracts in Information Security Outsourcing

Author

Listed:
  • Kai-Lung Hui

    (Department of Information Systems, Business Statistics, and Operations Management, School of Business and Management, Hong Kong University of Science and Technology, Hong Kong, China)

  • Ping Fan Ke

    (Department of Information Systems, Business Statistics, and Operations Management, School of Business and Management, Hong Kong University of Science and Technology, Hong Kong, China)

  • Yuxi Yao

    (Department of Economics, University of Western Ontario, London, Ontario N6A 5C2, Canada)

  • Wei T. Yue

    (Department of Information Systems, College of Business, City University of Hong Kong, Hong Kong, China)

Abstract

We study the efficiency of bilateral liability-based contracts in managed security services (MSSs). We model MSS as a collaborative service with the protection quality shaped by the contribution of both the service provider and the client. We adopt the negligence concept from the legal profession to design two novel contracts: threshold-based liability contract and variable liability contract. We find that they can achieve the first best outcome when postbreach effort verification is feasible. More importantly, they are more efficient than a multilateral contract when the MSS provider assumes limited liability. Our results show that bilateral liability-based contracts can work in the real world. Hence, more research is needed to explore their properties. We discuss the related implications. The online appendix is available at https://doi.org/10.1287/isre.2018.0806.

Suggested Citation

  • Kai-Lung Hui & Ping Fan Ke & Yuxi Yao & Wei T. Yue, 2019. "Bilateral Liability-Based Contracts in Information Security Outsourcing," Information Systems Research, INFORMS, vol. 30(2), pages 411-429, June.
  • Handle: RePEc:inm:orisre:v:30:y:2019:i:2:p:411-429
    DOI: 10.1287/isre.2018.0806

    Download full text from publisher

    File URL: https://doi.org/10.1287/isre.2018.0806
    Download Restriction: no



    Citations



    Cited by:

    1. Xing Gao & Siyu Gong, 2022. "An economic analysis of information security outsourcing with competitive firms," Managerial and Decision Economics, John Wiley & Sons, Ltd., vol. 43(7), pages 2748-2758, October.
    2. Hui, Kai-Lung & Zhou, Jiali, 2020. "The Economics of Hacking," MPRA Paper 102706, University Library of Munich, Germany.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Shantanu Bhattacharya & Alok Gupta & Sameer Hasija, 2014. "Joint Product Improvement by Client and Customer Support Center: The Role of Gain-Share Contracts in Coordination," Information Systems Research, INFORMS, vol. 25(1), pages 137-151, March.
    2. Emre M. Demirezen & Subodha Kumar & Bala Shetty, 2016. "Managing Co-Creation in Information Technology Projects: A Differential Games Approach," Information Systems Research, INFORMS, vol. 27(3), pages 517-537.
    3. He Huang & Minhui Hu & Robert J. Kauffman & Hongyan Xu, 2021. "The Power of Renegotiation and Monitoring in Software Outsourcing: Substitutes or Complements?," Information Systems Research, INFORMS, vol. 32(4), pages 1236-1261, December.
    4. Krishnan S. Anand & Manu Goyal, 2019. "Ethics, Bounded Rationality, and IP Sharing in IT Outsourcing," Management Science, INFORMS, vol. 65(11), pages 5252-5267, November.
    5. He Huang & Zhipeng Li & De Liu & Hongyan Xu, 2022. "Auctioning IT Contracts with Renegotiable Scope," Management Science, INFORMS, vol. 68(8), pages 6003-6023, August.
    6. Xing Gao & Weijun Zhong, 2016. "A differential game approach to security investment and information sharing in a competitive environment," IISE Transactions, Taylor & Francis Journals, vol. 48(6), pages 511-526, June.
    7. Tian Heong Chan & Francis de Véricourt & Omar Besbes, 2019. "Contracting in Medical Equipment Maintenance Services: An Empirical Investigation," Management Science, INFORMS, vol. 65(3), pages 1136-1150, March.
    8. Mingwen Yang & Varghese S. Jacob & Srinivasan Raghunathan, 2021. "Cloud Service Model’s Role in Provider and User Security Investment Incentives," Production and Operations Management, Production and Operations Management Society, vol. 30(2), pages 419-437, February.
    9. Prasenjit Mandal & Tarun Jain & Abhishek Chakraborty, 2021. "Quality collaboration contracts under product pricing strategies," Annals of Operations Research, Springer, vol. 302(1), pages 231-264, July.
    10. Yong Wu & Junlin Duan & Tao Dai & Dong Cheng, 2020. "Managing Security Outsourcing in the Presence of Strategic Hackers," Decision Analysis, INFORMS, vol. 17(3), pages 235-259, September.
    11. Yong Wu & Mengyao Xu & Dong Cheng & Tao Dai, 2022. "Information Security Strategies for Information-Sharing Firms Considering a Strategic Hacker," Decision Analysis, INFORMS, vol. 19(2), pages 99-122, June.
    12. Dur, Robert & Non, Arjan & Roelfsema, Hein, 2010. "Reciprocity and incentive pay in the workplace," Journal of Economic Psychology, Elsevier, vol. 31(4), pages 676-686, August.
    13. Tim Friehe & Tobias Tröger, 2012. "Sequencing of remedies in sales law," European Journal of Law and Economics, Springer, vol. 33(1), pages 159-184, February.
    14. Xing Gao & Siyu Gong, 2022. "An economic analysis of information security outsourcing with competitive firms," Managerial and Decision Economics, John Wiley & Sons, Ltd., vol. 43(7), pages 2748-2758, October.
    15. Chul Ho Lee & Xianjun Geng & Srinivasan Raghunathan, 2013. "Contracting Information Security in the Presence of Double Moral Hazard," Information Systems Research, INFORMS, vol. 24(2), pages 295-311, June.
    16. Moussawi-Haidar, Lama & Çömez-Dolgan, Nagihan, 2017. "Percentage rent contracts between co-stores," European Journal of Operational Research, Elsevier, vol. 258(3), pages 912-925.
    17. Giorgio Coricelli & Luigi Luini, 1999. "Double Moral Hazard: an Experiment on Warranties," CEEL Working Papers 9901, Cognitive and Experimental Economics Laboratory, Department of Economics, University of Trento, Italia.
    18. Guillaume Roels, 2014. "Optimal Design of Coproductive Services: Interaction and Work Allocation," Manufacturing & Service Operations Management, INFORMS, vol. 16(4), pages 578-594, October.
    19. Anyangah, Joshua O., 2017. "Creditor rights protection, tort claims and credit," International Review of Law and Economics, Elsevier, vol. 52(C), pages 29-43.
    20. S. Alex Yang & Nitin Bakshi & Christopher J. Chen, 2021. "Trade Credit Insurance: Operational Value and Contract Choice," Management Science, INFORMS, vol. 67(2), pages 875-891, February.
