Digital security plays a fundamental role in protecting IT systems and consumers in today’s digital economy, in which companies increasingly share data to create smart, interconnected services.
This complex and interdependent nature of digital markets means regulators need to take a coordinated approach with multiple stakeholders when developing policies.
We offer independent perspectives on socially optimal policies, built on robust game-theoretic modelling that can be fine-tuned to specific challenges. These insights complement computer science approaches to digital security that put the focus on developing secure technologies.
Our approach supports regulators by providing a deeper understanding of:
- The complex, interdependent relationships between cybersecurity, data sharing, and competition in digital markets.
- How coordinated policy interventions can avoid unintended consequences.
- How under-investment or over-investment in cybersecurity are linked with market failures and how policy interventions can correct these failures to ensure socially optimal levels of data protection.
- How increased consumer awareness and action on data safeguarding can potentially weaken security across the industry.
- The effectiveness of regulatory interventions like minimum security standards, disclosure policies and liability rules for cyber damages.
- The broader benefits of prioritising social welfare and consumer wellbeing when designing cybersecurity policies.
- The importance of understanding cybersecurity as a business decision tied to other profit-generating strategies, rather than an isolated technical problem.
Additional Resources for Regulators: Harnessing Market Incentives to Improve Cybersecurity Outcomes for Firms and Consumers (ESRC Discribe Hub+ Policy Briefing) » Download PDF
As a collaboration of academics from the University of Edinburgh and the University of Leicester, we work together with regulators and businesses to advance digital security through collaborative research.
Our models combine theoretical tractability with policy relevance to highlight the fundamental economic drivers behind market outcomes for cybersecurity.