Economics puts the challenges facing information security into perspective better than a purely technical approach does. Systems often fail because the organizations that defend them do not bear the full costs of failure. In order to solve the problems of growing vulnerability and increasing crime, solutions must coherently allocate responsibilities and liabilities so that the parties in a position to fix problems have an incentive to do so. This requires a technical comprehension of security threats combined with an economic perspective to uncover the strategies employed by attackers and defenders.

The security economics lab conducts research measuring various forms cybercrime in order to improve our understanding of how attackers and defenders behave. We emphasize empirical analysis of security incidents that can be directly observed, driven by the belief that security failures must be studied from the concrete, not the hypothetical. We also attempt to quantify the costs and benefits of security mechanisms where possible.

We collaborate with researchers at institutions across the US and internationally, including Carnegie Mellon University, SMU, Delft University of Technology, the University of Cambridge, Tel Aviv University, and the University of Innsbruck.

For more information, please contact Dr. Tyler Moore, the lab's director.