Reputation as Public Policy for Internet Security:
A Field Quasi-Experiment
Qian Tang, Leigh Linden, John S. Quarterman, Andrew Whinston
Presented at ICIS 2012, Orlando, FL, 14 December 2012.
Project Supported by NSF Grant No. 1228990.
Abstract:
Cybersecurity is a national priority in this big data era. Because
of the lack of incentives and the existence of negative externality,
companies often underinvest in addressing security risks and
accidents, despite government and industry recommendations. In the
present article, we propose a method that utilizes reputation
through information disclosure to motivate companies to behave
pro-socially, improving their Internet security. Using outbound spam
as a proxy for Internet security, we conducted a quasi-experimental
field study for eight countries through SpamRankings.net. This
outgoing-spam-based study shows that information disclosure on
outgoing spam can help reduce outgoing spam, approximately by 16
percent. This finding suggests that information disclosure can be
leveraged to encourage companies to reduce security threats. It also
provides support for public policies that require mandatory
reporting from organizations and offers implications for evaluating
and executing such policies.
“ICIS is the major annual meeting of the Association for
Information Systems (AIS), which has over
4,000 members representing
universities in over 95 countries worldwide. It is the most
prestigious gathering of academics and practitioners in the IS
discipline, and provides a forum for networking and sharing of
latest ideas and highest caliber scientific work among the IS
professions. Each year, over 1,000 IS academic professions from
around the world participate in the conference program, which
includes about 60 sessions and 180 presentations, in addition to
keynotes, CIO panels, and research panels.”
| 
OVH, 
Hanaro, and 
Strato