Economic analysis is employed for thorough examination of the laws governing cyber security. Law and economics of cyber security are used for examination of the prospects and consequences of the public and private implementation of internet security methods. The study of law and economics essentially deals with the utilization of economic concepts to analyze the efficiency and effectiveness of the legal rules. Economic theory and quantitative analysis are effectively utilized for vetting of proposal and deployment of policy initiatives, laws and cyber regulations.
Cyber security law is indicative of the entire spectrum of legal regulations devised for governing of the security of stored information that is transmitted over the internet. The protection of systems against the entire array of cyber crimes is virtually impossible owing to the deviant behavioral patterns of the perpetrators who are constantly evolving newer means to avoid getting caught and cover up their tracks.
- Private enforcement pros: One possible way to enhance cyber security is to allow every company to build its own unique individual security model. This will provide a fair idea to every individual or company regarding the cost of implementation to assess the share of capital they wish to set aside for enhancing security and the cost incurred after a potential security breach to make up the loss. Allowing private enforcement would essentially permit individuals and companies to collaborate on a collective security application to offset the costs incurred and expand the security system.
- Private enforcement cons: In the event of permitting private enforcement, certain drawbacks are attached to information sharing regarding potential security breaches and viruses. If a particular company is capable of preventing the occurrence of a potential security breach, it is least likely to notify about the same to its rival company or share information pertaining to protecting the opponent against the security loophole. Cost is another thing to factor in. The exorbitant cost of establishing security and the dependence of the system on private security will cause only the affluent ones to afford a highly secure cyber system.
- Public enforcement pros: If the permission for public enforcement is granted, it will always be accompanied with incentive for revealing critical information that would allow for fortification of defenses against all sorts of security breaches. The virus or potential security breach will be prevented from spreading as the disclosure of defense mechanism would spur other individuals and companies to take necessary preventive action prior to the occurrence of security breach. The cost of implementing the security measures will be effectively distributed among participating public users, and thus the financial burden would be taken off the shoulders of individuals.
- Public enforcement cons: Public enforcement has certain drawbacks too. Numerous users will draw from the benefit pool of implemented system without having to bear the expenses of deploying the security system. Further, it will restrict innovative approaches. This concern rises from the fact that if each user had similar system, one virus or security breach will essentially destructs or erase the entire system. Many scholars are of the view that heterogeneity is the key to stem a security breach or virus because every participant in the system will make concentrated attempts to ward off potential cyber threat.
- Victim: Users who will be covered either by private enforcement or public enforcement are concerned that they have to reveal critical information to be covered under the security net. Law and economic analysis of cyber security is also concerned with the issue of harm caused. The harm can come to an individual or the system in entirety. How the laws should deal with the perpetrator? Is he to be prosecuted or potentially held responsible to the individual who has incurred losses? Should the unauthorized attempts be labeled as crime against the larger system? Can the internet service provider be held responsible for not extending adequate security to users? These and more questions need to be pondered to develop a foolproof cyber security.