In this research controlled economics experiments are used to test the predictions of economic theories that hypothesize effective cybersecurity tradeoffs within an organization depends on both worker incentives and the structure of job duties. In these experiments a team of economists and cybersecurity experts are working together to design virtual world experiments that measure the impact of different incentive arrangements and job design on operational cybersecurity risks. This is particularly interesting in computer intensive environments where the mix of competing tasks include easily monitored tasks with easily verified impact on organizational goals, such as tasks performed by application programming teams, and tasks that have a more ambiguous impact on organizational performance such as tasks associated with cybersecurity practices. In the former case high powered incentives often compete against the relatively low powered incentives associated resulting in the inefficient management of cybersecurity risks. The goal of this research is to better understand how management practice interacts with available cybersecurity technologies and cybersecurity threats to enable better risk management strategies within organizations. Such research provides evidence based findings that will make organizations more aware of their cybersecurity/operational-efficiency tradeoffs and thus allow them to improve their organizational practices and consequently their risk management strategies against cybersecurity threats.
SBES: Medium: Economic Incentives and Organizations for a Trustworthy Cyberspace