Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities

Chenglong Zhang, Nan Feng, Jianjian Chen, Dahui Li, Minqiang Li

Research output: Contribution to journal › Article

Abstract

Firms in a close business partnership could choose to either outsource to the same or different Managed Security Service Providers (MSSPs) when making outsourcing decisions. Apart from security investments, compensation ratios, and network externalities, the firms in a close business partnership face the new challenge of correlated loss when making the outsourcing decisions. We first show that if the two firms in the business partnership outsource to the same MSSP, the security investments on the two firms are greater under positive externalities and vice versa. More importantly, we further find out that under positive externality the two firms are better off outsourcing to the same MSSP if the correlated loss level is lower (greater) than a threshold when the compensation ratios are less (greater) than 1; under negative externality the two firms are better off outsourcing to the same MSSP if the correlated loss level is lower (greater) than a threshold when the compensation ratios are greater (less) than 1. Our analytical results offer important managerial implications to firms in a close business partnership when deciding on their outsourcing strategies.

Original language: English (US)
Journal: Information Systems Frontiers
State: Accepted/In press - Jan 1 2020
Externally published: Yes

Keywords

  • Correlated loss
  • Information security
  • Moral hazard
  • Outsourcing strategy
  • Security externality
