Bilateral Liability-Based Contracts in Information Security Outsourcing

Research output: Journal Publications and ReviewsRGC 21 - Publication in refereed journalpeer-review

23 Scopus Citations
View graph of relations

Author(s)

Detail(s)

Original languageEnglish
Pages (from-to)411-429
Journal / PublicationInformation Systems Research
Volume30
Issue number2
Online published23 May 2019
Publication statusPublished - Jun 2019

Abstract

We study the efficiency of bilateral liability-based contracts in managed security services (MSSs). We model MSS as a collaborative service with the protection quality shaped by the contribution of both the service provider and the client. We adopt the negligence concept from the legal profession to design two novel contracts: threshold-based liability contract and variable liability contract. We find that they can achieve the first best outcome when postbreach effort verification is feasible. More importantly, they are more efficient than a multilateral contract when the MSS provider assumes limited liability. Our results show that bilateral liability-based contracts can work in the real world. Hence, more research is needed to explore their properties. We discuss the related implications.

Research Area(s)

  • managed security service, liability-based contracts, negligence, auditing error, limited liability

Citation Format(s)

Bilateral Liability-Based Contracts in Information Security Outsourcing. / Hui, Kai-Lung; Ke, Ping Fan; Yao, Yuxi et al.
In: Information Systems Research, Vol. 30, No. 2, 06.2019, p. 411-429.

Research output: Journal Publications and ReviewsRGC 21 - Publication in refereed journalpeer-review