Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities

Chenglong Zhang, Nan Feng, Jianjian Chen, Dahui Li, Minqiang Li

Research output: Contribution to journalArticlepeer-review

Abstract

Firms in a close business partnership could choose to either outsource to the same or different Managed Security Service Providers (MSSPs) when making outsourcing decisions. Apart from security investments, compensation ratios, and network externalities, the firms in a close business partnership face the new challenge of correlated loss when making the outsourcing decisions. We first show that if the two firms in the business partnership outsource to the same MSSP, the security investments on the two firms are greater under positive externalities and vice versa. More importantly, we further find out that under positive externality the two firms are better off outsourcing to the same MSSP if the correlated loss level is lower (greater) than a threshold when the compensation ratios are less (greater) than 1; under negative externality the two firms are better off outsourcing to the same MSSP if the correlated loss level is lower (greater) than a threshold when the compensation ratios are greater (less) than 1. Our analytical results offer important managerial implications to firms in a close business partnership when deciding on their outsourcing strategies.

Original languageEnglish (US)
Pages (from-to)773-790
Number of pages18
JournalInformation Systems Frontiers
Volume23
Issue number3
DOIs
StatePublished - Jun 2021
Externally publishedYes

Bibliographical note

Funding Information:
The research was supported by the National Natural Science Foundations of China (Grant numbers: 71871155 and 71631003) .

Publisher Copyright:
© 2020, Springer Science+Business Media, LLC, part of Springer Nature.

Keywords

  • Correlated loss
  • Information security
  • Moral hazard
  • Outsourcing strategy
  • Security externality

Fingerprint

Dive into the research topics of 'Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities'. Together they form a unique fingerprint.

Cite this