Date Added: Jun 2010
Security breaches often stem from business partner failures within the value chain. There have been several recent efforts to develop a common reference for rating the information risk posed by partners. The authors develop a simple analytical model to examine the impact of such information security ratings on service providers, customers, and social welfare. While some might believe that ratings would benefit high-security providers and hurt those with lower security, the authors show that this is not always the case. The authors find that information security ratings can hurt both types of providers or benefit both, depending on the market conditions. Surprisingly, the authors also find that security ratings do not always benefit the most demanding customers who desire highly secure business partners.