Bilateral liability-based contracts in information security outsourcing

Kai Lung Hui; Ping Fan Ke; Yuxi Yao; Wei T. Yue

doi:10.1287/isre.2018.0812

Bilateral liability-based contracts in information security outsourcing

Kai Lung Hui, Ping Fan Ke, Yuxi Yao, Wei T. Yue

Department of Information Systems, Business Statistics & Operations Management

Research output: Contribution to journal › Journal Article › peer-review

30 Citations (Scopus)

Abstract

We study the efficiency of bilateral liability-based contracts in managed security services (MSSs). We model MSS as a collaborative service with the protection quality shaped by the contribution of both the service provider and the client. We adopt the negligence concept from the legal profession to design two novel contracts: thresholdbased liability contract and variable liability contract. We find that they can achieve the first best outcome when postbreach effort verification is feasible. More importantly, they are more efficient than a multilateral contract when the MSS provider assumes limited liability. Our results show that bilateral liability-based contracts can work in the real world. Hence, more research is needed to explore their properties. We discuss the related implications.

Original language	English
Pages (from-to)	411-429
Number of pages	19
Journal	Information Systems Research
Volume	30
Issue number	2
DOIs	https://doi.org/10.1287/isre.2018.0812
Publication status	Published - 2019

Bibliographical note

Publisher Copyright:
© 2019 INFORMS.

Keywords

Auditing error
Liability-based contracts
Limited liability
Managed security service
Negligence

Access to Document

10.1287/isre.2018.0812

Cite this

@article{52b7d59cbdf44a3bab5612114873e6c6,

title = "Bilateral liability-based contracts in information security outsourcing",

abstract = "We study the efficiency of bilateral liability-based contracts in managed security services (MSSs). We model MSS as a collaborative service with the protection quality shaped by the contribution of both the service provider and the client. We adopt the negligence concept from the legal profession to design two novel contracts: thresholdbased liability contract and variable liability contract. We find that they can achieve the first best outcome when postbreach effort verification is feasible. More importantly, they are more efficient than a multilateral contract when the MSS provider assumes limited liability. Our results show that bilateral liability-based contracts can work in the real world. Hence, more research is needed to explore their properties. We discuss the related implications.",

keywords = "Auditing error, Liability-based contracts, Limited liability, Managed security service, Negligence",

author = "Hui, \{Kai Lung\} and Ke, \{Ping Fan\} and Yuxi Yao and Yue, \{Wei T.\}",

note = "Publisher Copyright: {\textcopyright} 2019 INFORMS.",

year = "2019",

doi = "10.1287/isre.2018.0812",

language = "English",

volume = "30",

pages = "411--429",

journal = "Information Systems Research",

issn = "1047-7047",

publisher = "INFORMS Inst.for Operations Res.and the Management Sciences",

number = "2",

}

TY - JOUR

T1 - Bilateral liability-based contracts in information security outsourcing

AU - Hui, Kai Lung

AU - Ke, Ping Fan

AU - Yao, Yuxi

AU - Yue, Wei T.

PY - 2019

Y1 - 2019

N2 - We study the efficiency of bilateral liability-based contracts in managed security services (MSSs). We model MSS as a collaborative service with the protection quality shaped by the contribution of both the service provider and the client. We adopt the negligence concept from the legal profession to design two novel contracts: thresholdbased liability contract and variable liability contract. We find that they can achieve the first best outcome when postbreach effort verification is feasible. More importantly, they are more efficient than a multilateral contract when the MSS provider assumes limited liability. Our results show that bilateral liability-based contracts can work in the real world. Hence, more research is needed to explore their properties. We discuss the related implications.

AB - We study the efficiency of bilateral liability-based contracts in managed security services (MSSs). We model MSS as a collaborative service with the protection quality shaped by the contribution of both the service provider and the client. We adopt the negligence concept from the legal profession to design two novel contracts: thresholdbased liability contract and variable liability contract. We find that they can achieve the first best outcome when postbreach effort verification is feasible. More importantly, they are more efficient than a multilateral contract when the MSS provider assumes limited liability. Our results show that bilateral liability-based contracts can work in the real world. Hence, more research is needed to explore their properties. We discuss the related implications.

KW - Auditing error

KW - Liability-based contracts

KW - Limited liability

KW - Managed security service

KW - Negligence

UR - https://www.webofscience.com/wos/woscc/full-record/WOS:000472610800005

UR - https://openalex.org/W2949032650

UR - https://www.scopus.com/pages/publications/85068590682

U2 - 10.1287/isre.2018.0812

DO - 10.1287/isre.2018.0812

M3 - Journal Article

SN - 1047-7047

VL - 30

SP - 411

EP - 429

JO - Information Systems Research

JF - Information Systems Research

IS - 2

ER -

Bilateral liability-based contracts in information security outsourcing

Abstract

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this