Please use this identifier to cite or link to this item: http://hdl.handle.net/10125/64481

Information Disclosure and Security Vulnerability Awareness: A Large-Scale Randomized Field Experiment in Pan-Asia

File Size Format  
0597.pdf 478.81 kB Adobe PDF View/Open

Item Summary

Title:Information Disclosure and Security Vulnerability Awareness: A Large-Scale Randomized Field Experiment in Pan-Asia
Authors:Zhuang, Yunhui
Choi, Yunsik
He, Shu
Leung, Alvin Chung-Man
Lee, Gene Moo
show 1 moreWhinston, Andrew
show less
Keywords:Strategy, Information, Technology, Economics and Society (SITES)
cybersecurity
externality
policy design
spam
show 5 morephishing
botnet
information security index
organizational security
randomized field experiment
show less
Date Issued:07 Jan 2020
Abstract:This paper investigates how the disclosure of a security vulnerability index based on outgoing spams and phishing website hosting which may serve as an indicator of a firm’s inadequate security controls affects companies’ security protection strategy. Our core objective is to study whether firms improve their security when they become aware of their vulnerabilities and such information is publicized. To achieve this goal, we conduct a randomized field experiment on 1,262 firms in six Pan-Asian countries and regions. Among 631 treatment firms, we alert them of their security vulnerability index and ranking over time, and their relative performance compared to their peers via emails and a public advisory website. Compared with control firms without being informed of their security vulnerability index, treatment firms improve their security over time, with a significant reduction of outgoing spam volume. A marginally significant improvement in reducing phishing hosting websites is also observed among non-web hosting treatment firms. The security improvement may be attributed to firms’ proactive reaction to the public security vulnerability information. Our study provides cybersecurity policy makers with useful insights to motivate firms to adopt better security measures.
Pages/Duration:10 pages
URI:http://hdl.handle.net/10125/64481
ISBN:978-0-9981331-3-3
DOI:10.24251/HICSS.2020.739
Rights:Attribution-NonCommercial-NoDerivatives 4.0 International
https://creativecommons.org/licenses/by-nc-nd/4.0/
Appears in Collections: Society, Information, Technology, Economics and Strategy (SITES)


Please email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.

This item is licensed under a Creative Commons License Creative Commons