Cyber Security
Conceptual or Substantive Assumptions
Cybersecurity is fast approaching a place where it is becoming a form of currency with consumers and clients. It is only in the past decade that digital environments became a normal and typical way to transact business. Consumers and clients quite rapidly adapted to the convenience of conducting business and managing their finances in online environments. Certainly, there were -- and are -- people who did not fully trust digital commerce, but consumers choices narrowed to a point where non-digital transactions were constrained. For instance, customers of banks were funneled into online transactions as some banks gave up a bricks-and-mortar presence. Consumers who wanted more choices when making everyday purchases found meager goods on the shelves but an abundance of inventory online. Patients learned to access their medical records and test results online, and many medical practitioners now keep online office hours for emergency communications and treatment advice. All manner of business and personal transactions have come to rely on the functions and services found in digital environments. One overarching attribute is necessary for this new way of accomplishing economic transactions: that attribute is trust.
Trust between the public and private companies is fundamental to sustaining the way business is conducted today, and for enabling technological innovations to continue...
Yet, the essential ingredient of trust has been seriously eroded over the past several years as consumers and business have experienced the shock of expansive and pervasive cybercrime. In much the same way that the exchange of paper money in commerce is based on trust, and keeps economies functioning in predictable and understandable ways, commercial transactions that depend on secure and expedient information technology pivot on the notion of trust. Cybercrime impacts the bottom line of businesses in terms of the costs to restore secure IT functioning and pay reparations as required. But cybercrime also impacts the reputation of businesses, which can result in long-term losses from bleeding brand equity and diminished consumer loyalty. In the long run, it is likely that businesses will pay less upfront to ensure the cybersecurity of their systems than they will to repair damages resulting from cybercrime. The idea of businesses benefitting from expenditures to improve cybersecurity is neither unique nor new; however, a number of prophylactic commercial approaches for dealing with cybercrime are new -- and they may well capture the imagination of businesses concerned with meeting the high cost of cybersecurity out of their own coffers.
Several years ago the Internet Security Alliance (ISA) Cyber Security organization proposed a constellation of potential market incentives to evoke…
