Bilateral Liability-Based Contracts in Information Security Outsourcing
Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review
Detail(s)
Original language | English |
---|---|
Pages (from-to) | 411-429 |
Journal / Publication | Information Systems Research |
Volume | 30 |
Issue number | 2 |
Online published | 23 May 2019 |
Publication status | Published - Jun 2019 |
Abstract
We study the efficiency of bilateral liability-based contracts in managed security services (MSSs). We model MSS as a collaborative service with the protection quality shaped by the contribution of both the service provider and the client. We adopt the negligence concept from the legal profession to design two novel contracts: threshold-based liability contract and variable liability contract. We find that they can achieve the first best outcome when postbreach effort verification is feasible. More importantly, they are more efficient than a multilateral contract when the MSS provider assumes limited liability. Our results show that bilateral liability-based contracts can work in the real world. Hence, more research is needed to explore their properties. We discuss the related implications.
Research Area(s)
- managed security service, liability-based contracts, negligence, auditing error, limited liability
Citation Format(s)
Bilateral Liability-Based Contracts in Information Security Outsourcing. / Hui, Kai-Lung; Ke, Ping Fan; Yao, Yuxi et al.
In: Information Systems Research, Vol. 30, No. 2, 06.2019, p. 411-429.