A Modest Proposal for Open Market Risk Assessment to Solve the Cyber-Security Problem
This tackles cybersecurity incentive issues for IT industries and consumers, but appears incremental as it builds on existing market-based risk assessment concepts.
The authors propose a market-based economic system for cyber-risk valuation to address incentive problems in the IT industry, aiming to create a secure information marketplace by providing open, consensus-based risk pricing for informed decision-making.
We introduce a model for a market based economic system of cyber-risk valuation to correct fundamental problems of incentives within the information technology and information processing industries. We assess the makeup of the current day marketplace, identify incentives, identify economic reasons for current failings, and explain how a market based risk valuation system could improve these incentives to form a secure and robust information marketplace for all consumers by providing visibility into open, consensus based risk pricing and allowing all parties to make well informed decisions.