Skip to Main Content
Security breaches are in the news almost daily, each bigger and more costly than the last. We believe an iterated weakest-link model accurately captures the challenges of many information security threats today. Our findings suggest a need to reassess conclusions that condemn seemingly lax security practices found in the media. Our model can assist policy makers in reducing negative externalities as consequences (not causes) of insecurity by better predicting situations that hinder proactive investment. The model also helps identify influential factors-notably, uncertainty about attacks-so that firms and managers can derive incentive based countermeasures.