Skip to main content
Springer Nature Link
Log in

Are Home Internet Users Willing to Pay ISPs for Improvements in Cyber Security?

  • Conference paper
  • First Online:
Economics of Information Security and Privacy III

  • 2467 Accesses

Abstract

One strategy for improving cyber security would be for Internet service providers (ISPs) to take a more active role in curtailing criminal behavior over the Internet. However, few ISPs today are offering robust security to their customers, arguing that home Internet users are unwilling to pay for improvements in cyber security. This lack of ISP involvement in improving cyber security has led some industry experts to support government solutions that encourage ISPs to take a more active role in security. Yet no prior studies have attempted to evaluate empirically whether home Internet users are willing to pay the monetary and nonmonetary costs of ISP-based security solutions. This makes it difficult to determine whether government intervention is necessary, what form the intervention should take, and what the welfare impacts of intervention would be. Our research takes the first step in filling this gap in the literature. Specifically, we used choice-based conjoint analysis to examine the preferences of US Internet users. We found that home users are indeed willing to accept price increases, ISP-required security training, and security related interruptions of their Internet service in exchange for reductions in the risk of their computer slowing down or crashing, the risk of their identity being stolen, or the risk that others will be affected by their insecurity. This finding suggests that Internet users would be willing to pay for ISPs to take a more active role in security if the benefits of ISP-based security solutions were clearly communicated to them.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Participation by this ISP required that their name be kept confidential.

  2. 2.

    Mixed logit was chosen over simpler methods of estimation, like conditional logit, because it treats variation in respondent preferences as a statistical property, which greatly improves the fit of the model.

  3. 3.

    The intuition behind this calculation is that the difference between the part-worth utilities of the two levels under consideration provides one with the number of “utils” gained from making the package change. These “utils” are converted to monetary units by dividing by the marginal utility of income ( − βfee).

  4. 4.

    Please note that the $7.15 and 1.40 h are the mean dollars and time shown to respondents in the hypothetical choice tasks. The subtraction of βfee  ∗  $7.15 and βtime ∗ 1. 40 from the alternative-specific constant, β0, is necessary because we used continuous fee and time terms and effects-coding for the other parameters.

References

  1. Anderson R (2001) Why Information security is hard: an economic perspective. In: Proceedings of the 17th Annual Computer Security Applications Conference

    Google Scholar 

  2. Anderson R, Bohme R, Clayton R, Moore T (2008) Analyzing barriers and incentives for network and information security in the internal market for e-communication. http://www.enisa.europa.eu/act/sr/reports/econ-sec. Accessed 1 June 2011

  3. Arbor Networks (2010) 2009 Worldwide infrastructure security report. http://www.arbornetworks.com/report. Accessed 21 Feb 2010

  4. Clayton R (2010) Might governments clean-up malware? http://weis2010.econinfosec.org/papers/session4/weis2010_clayton.pdf

  5. Evers J (2005) ISPs versus the zombies. Cnet News.com. http://news.cnet.com/ISPs-versus-the-zombies/2100--7349_3--5793719.html. Accessed 24 Apr 2009

  6. Gallaher M, Rowe B, Rogozhin A, Link A (2006) Economic analysis of cyber security and private sector investment decisions. Report prepared for the U.S. Department of Homeland Security. Research Triangle Park, NC: RTI International

    Google Scholar 

  7. Hensher DA, Rose JM, Green WH (2005) Applied choice analysis: a primer. Cambridge University Press, Cambridge, UK

    Book  Google Scholar 

  8. Huang Y, Xianjun G, Whinston A (2007) Defeating DDoS attacks by fixing the incentive chain. ACM Trans Internet Technol 7(1):1–5. http://portal.acm.org/citation.cfm?doid=1189740.1189745. Accessed 30 Apr 2009

    Google Scholar 

  9. Kanninen B (2002) Optimal design for multinomial choice experiments. J Mark Res 39: 214–227

    Article  Google Scholar 

  10. Krinsky I, Robb A (1986) On approximating the statistical properties of elasticities. Rev Econ Stat 68:715–719

    Article  Google Scholar 

  11. Krinsky I, Robb A (1990) On approximating the statistical properties of elasticities: a correction. Rev Econ Stat 72:189–90

    Article  Google Scholar 

  12. Kuhfeld WF, Tobias RD, Garratt M (1994) Efficient experimental design with marketing research applications. J Mark Res 31:545–557

    Article  Google Scholar 

  13. List J, Sinha P, Taylor M (2006) Using choice experiments to value non-market goods and services: evidence from field experiments. Adv Econ Anal Policy 6(2):1–37

    Google Scholar 

  14. Lichtman D, Posner E (2004) Holding Internet service providers accountable. In: John M Olin Law and Economist Working Paper, Vol 217. University of Chicago. http://www.law.uchicago.edu/files/files/217-dgl-eap-isp.pdf. Accessed 1 June 2011

  15. Moore T (2010) The economics of cybersecurity: principles and policy options. Int J Crit Infrastruct Prot 3(3–4):103–117

    Article  Google Scholar 

  16. Orme B (2010) Getting started with conjoint analysis. Research Publishers, LLC, Madison, WI

    Google Scholar 

  17. Richards J (2007) Make firms bear the cost to improve information security, says Schneier. Computer Weekly. \url{http://www.computerweekly.com/Articles/2007/05/22/223959/make-firms-bear-the-cost-to-improve-information-security$\neg}$says-schneier.htm. Accessed 24 Apr 2009

    Google Scholar 

  18. Robinson N, Potoglou D, Kim C, Burge P, Warnes R (2010) Security at what cost? In: Critical infrastructure protection IV: IFIP advances in information and communication technology. 342:3–15

    Article  Google Scholar 

  19. Rowe B, Wood D, Reeves D, Braun F (2011) Economic analysis of ISP provided cyber security solutions. https://www.ihssnc.org/portals/0/Rowe_IHSS{\_}Cyber{\_}Final{\_}ReportFINAL.pdf. Accessed 3 June 2011

  20. Sawtooth Software, Inc. (2010) SSI Web v.6.6.12: choice based conjoint [Computer Software]. Sequim, WA

    Google Scholar 

  21. Smith A (2010) Home broadband adoption 2010.\url{http://www.pewinternet.org/$\sim}$/media//Files/Reports/2010/Home{\%}20broadband{\%}202010.pdf. Accessed 3 June 2011

    Google Scholar 

  22. Smith V, Mansfield CA (2006) Valuing airline security: an analysis of the MANPADS program. Paper presented at the Workshop on Benefit Methodologies for Homeland Security Analysis, Washington, DC, June 8–9

    Google Scholar 

  23. StreamShield Networks (2004) Consumers prepared to pay extra for clean and safe Internet service. Press release. http://www.streamshield.com/index.php?option=com_content{\&}task=view{\&}id=59{\&}Itemid=130. Accessed 24 Apr 2009

  24. Train K (2003) Discrete choice methods with simulation. Cambridge University Press, Cambridge

    Book  MATH  Google Scholar 

  25. van Eeten M, Bauer J, Asghari H, Tabatabaie S (2010) The role of Internet service providers in botnet mitigation: an empirical analysis based on spam data. http://www.oecd.org/LongAbstract/0,3425,en{\_}2649{\_}33703{\_}46396507{\_}119684{\_}1{\_}1{\_}1,00.html. Accessed 1 June 2010

  26. van Eet3n M, Asghari H, Bauer J, Tabatabaie S (2011) Internet service providers and botnet mitigation: a fact-finding study on the Dutch market. http://www.rijksoverheid.nl/bestanden/documenten-en-publicaties/rapporten/2011/01/13/internet-service-providers-and-botnet-mitigation/tud-isps-and-botnet-mitigation-in-nl-final-public-version-07jan2011.pdf. Accessed 1 July 2011

  27. Varian H (2000) Managing online security risks. The New York Times. http://www.nytimes.com/library/financial/columns/060100econ-scene.html. Accessed 3 June 2011

  28. Zwerina K, Huber J, Kuhfeld WF (1996) A general method for constructing efficient choice designs. SAS Working Paper. http://support.sas.com/techsup/technote/mr2010e.pdf. Accessed 3 June 2011

Download references

Author information

Authors and Affiliations

  1. RTI International, San Francisco, CA, USA

    Brent Rowe & Dallas Wood

Authors
  1. Brent Rowe
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dallas Wood
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Minneapolis, Minnesota, USA

    Bruce Schneier

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer Science+Business Media New York

About this paper

Cite this paper

Rowe, B., Wood, D. (2013). Are Home Internet Users Willing to Pay ISPs for Improvements in Cyber Security?. In: Schneier, B. (eds) Economics of Information Security and Privacy III. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-1981-5_9

Download citation

  • DOI: https://doi.org/10.1007/978-1-4614-1981-5_9

  • Published:

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-1980-8

  • Online ISBN: 978-1-4614-1981-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics