Date Added: Sep 2009
Security breaches often stem from business partner failures within the value chain. There have been several recent efforts to develop a common reference for rating the information risk posed by partners. The authors develop a simple analytical model to examine the impact of such information security ratings on service providers, customers, and social welfare. While some might believe that professional information security ratings would benefit high-security providers and hurt those with lower security, the authors show that this is not always the case. The authors find that such ratings can hurt both types of providers or benefit both, depending on the market conditions.