Association for Computing Machinery
Computer users express a strong desire to prevent attacks and to reduce the losses from computer and information security breaches. However, security compromises are common and widespread and highly damaging. Next to attackers' increased sophistication, a root cause for the harm inflicted is that users often fail to optimally protect their resources or to recover gracefully from a security breach. The authors argue that users often underestimate the strong mutual dependence between their security strategies and the economic environment (e.g., threat model) in which these choices are made and evaluated.