Information Disclosure and Security Vulnerability Awareness: A Large-Scale Randomized Field Experiment in Pan-Asia

dc.contributor.authorZhuang, Yunhui
dc.contributor.authorChoi, Yunsik
dc.contributor.authorHe, Shu
dc.contributor.authorLeung, Alvin Chung-Man
dc.contributor.authorLee, Gene Moo
dc.contributor.authorWhinston, Andrew
dc.date.accessioned2020-01-04T08:26:16Z
dc.date.available2020-01-04T08:26:16Z
dc.date.issued2020-01-07
dc.description.abstractThis paper investigates how the disclosure of a security vulnerability index based on outgoing spams and phishing website hosting which may serve as an indicator of a firm’s inadequate security controls affects companies’ security protection strategy. Our core objective is to study whether firms improve their security when they become aware of their vulnerabilities and such information is publicized. To achieve this goal, we conduct a randomized field experiment on 1,262 firms in six Pan-Asian countries and regions. Among 631 treatment firms, we alert them of their security vulnerability index and ranking over time, and their relative performance compared to their peers via emails and a public advisory website. Compared with control firms without being informed of their security vulnerability index, treatment firms improve their security over time, with a significant reduction of outgoing spam volume. A marginally significant improvement in reducing phishing hosting websites is also observed among non-web hosting treatment firms. The security improvement may be attributed to firms’ proactive reaction to the public security vulnerability information. Our study provides cybersecurity policy makers with useful insights to motivate firms to adopt better security measures.
dc.format.extent10 pages
dc.identifier.doi10.24251/HICSS.2020.739
dc.identifier.isbn978-0-9981331-3-3
dc.identifier.urihttp://hdl.handle.net/10125/64481
dc.language.isoeng
dc.relation.ispartofProceedings of the 53rd Hawaii International Conference on System Sciences
dc.rightsAttribution-NonCommercial-NoDerivatives 4.0 International
dc.rights.urihttps://creativecommons.org/licenses/by-nc-nd/4.0/
dc.subjectStrategy, Information, Technology, Economics and Society (SITES)
dc.subjectcybersecurity
dc.subjectexternality
dc.subjectpolicy design
dc.subjectspam
dc.subjectphishing
dc.subjectbotnet
dc.subjectinformation security index
dc.subjectorganizational security
dc.subjectrandomized field experiment
dc.titleInformation Disclosure and Security Vulnerability Awareness: A Large-Scale Randomized Field Experiment in Pan-Asia
dc.typeConference Paper
dc.type.dcmiText

Files

Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
0597.pdf
Size:
478.81 KB
Format:
Adobe Portable Document Format