Abstract
As software products are installed by a larger population of consumers, they become more appealing targets for malicious agents, and consumers’ security concerns increase accordingly. Software vendors must balance quality investment that improves demand against the resulting security anxiety, particularly when deciding whether to choose technology that is diversified from or similar to that of their competitors. The technology choice is challenging because choosing similar technologies can increase the degree of technology spillovers but also leads to more software vulnerabilities that are shared among the vendors’ software products. Considering these elements, this paper analyzes two competitive software vendors’ quality investment for heterogeneous markets composed of a high-end market with a particular quality requirement and a low-end market. I reveal that whether vendors target the high-end market or the low-end market, they may benefit from the risk of security threat because it may soften their price competition. An increase in the maximal potential of technology spillovers may harm the high-quality vendor even though it benefits the low-quality vendor. The high-quality vendor always benefits from the degree of technology diversification, while the low-quality vendor benefits only if the risk of security is rather high. Meanwhile, I find that the two competitive vendors may target the high-end market and the low-end market respectively even though they are symmetric. Furthermore, I show that, compared with optimal industry market strategies, the vendors seem reluctant to be aggressive. Hence, the widely discussed argument that aggressive market strategies should be inhibited because of the resulting serious security concern is not always logical.




Notes
I sincerely thank one reviewer for raising this interesting issue.
Cite this article
Gao, X. A competitive analysis of software quality investment with technology diversification and security concern. Electron Commer Res 23, 2691–2712 (2023). https://doi.org/10.1007/s10660-022-09558-4
DOI: https://doi.org/10.1007/s10660-022-09558-4