IDEAS home Printed from
   My bibliography  Save this article

The potential for underinvestment in internet security: implications for regulatory policy


  • Alfredo Garcia


  • Barry Horowitz



With the continuing growth of the use of the Internet for business purposes, the consequences of a possible cyber attack that could create a large scale outage of long time duration becomes a more and more serious economic issue. In this paper, we construct a game-theoretic model that addresses the economic motivations for investment in added Internet security and makes a case for a possible market failure in the form of underinvestment in the provision of Internet security. This result relies on the fact that the social value derived from consumption (which is at least equal to a fraction of the surplus derived from e-commerce) greatly exceeds the revenue at stake associated with the telecommunications companies’ and ISP’s security levels. If the ratio of social value to revenue at stake to Internet providers continues to grow, the likelihood of underinvestment in security becomes higher and some form of regulation may become necessary. We discuss the difficulties associated with designing and enforcing a regulatory scheme based upon mandatory security standards. Copyright Springer Science+Business Media, LLC 2007

Suggested Citation

  • Alfredo Garcia & Barry Horowitz, 2007. "The potential for underinvestment in internet security: implications for regulatory policy," Journal of Regulatory Economics, Springer, vol. 31(1), pages 37-55, February.
  • Handle: RePEc:kap:regeco:v:31:y:2007:i:1:p:37-55
    DOI: 10.1007/s11149-006-9011-y

    Download full text from publisher

    File URL:
    Download Restriction: Access to full text is restricted to subscribers.

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    1. Martin Cave & Robin Mason, 2001. "The Economics of the Internet: Infrastructure and Regulation," Oxford Review of Economic Policy, Oxford University Press, vol. 17(2), pages 188-201, Summer.
    2. Giovannetti, Emanuele, 2001. "Perpetual Leapfrogging in Bertrand Duopoly," International Economic Review, Department of Economics, University of Pennsylvania and Osaka University Institute of Social and Economic Research Association, vol. 42(3), pages 671-696, August.
    3. Esther Gal-Or & Anindya Ghose, 2005. "The Economic Incentives for Sharing Security Information," Information Systems Research, INFORMS, vol. 16(2), pages 186-208, June.
    4. Carl Shapiro, 1983. "Premiums for High Quality Products as Returns to Reputations," The Quarterly Journal of Economics, Oxford University Press, vol. 98(4), pages 659-679.
    Full references (including those not matched with items on IDEAS)


    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.

    Cited by:

    1. Liao, Chun-Hsiung & Chen, Chun-Wei, 2014. "Network externality and incentive to invest in network security," Economic Modelling, Elsevier, vol. 36(C), pages 398-404.

    More about this item


    Internet Security; Market Failure; Game Theory; Nash Equilibrium; Markov perfect equilibrium; L51; L86; C72; C73; K23;

    JEL classification:

    • L51 - Industrial Organization - - Regulation and Industrial Policy - - - Economics of Regulation
    • L86 - Industrial Organization - - Industry Studies: Services - - - Information and Internet Services; Computer Software
    • C72 - Mathematical and Quantitative Methods - - Game Theory and Bargaining Theory - - - Noncooperative Games
    • C73 - Mathematical and Quantitative Methods - - Game Theory and Bargaining Theory - - - Stochastic and Dynamic Games; Evolutionary Games
    • K23 - Law and Economics - - Regulation and Business Law - - - Regulated Industries and Administrative Law


    Access and download statistics


    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:kap:regeco:v:31:y:2007:i:1:p:37-55. See general information about how to correct material in RePEc.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: (Sonal Shukla) or (Rebekah McClure). General contact details of provider: .

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service hosted by the Research Division of the Federal Reserve Bank of St. Louis . RePEc uses bibliographic data supplied by the respective publishers.