Ross Anderson (yes, the black helicopters guy) has created the “Economics and Security Resource Page“:
“Do we spend enough on keeping `hackers’ out of our computer systems? Do we not spend enough? Or do we spend too much? For that matter, do we spend too little on the police and the army, or too much? And do we spend our security budgets on the right things?
The economics of security is a hot and rapidly growing field of research. More and more people are coming to realise that security failures are often due to perverse incentives rather than to the lack of suitable technical protection mechanisms. (Indeed, the former often explain the latter.) While much recent research has been on `cyberspace’ security issues – from hacking through fraud to copyright policy – it is expanding to throw light on `everyday’ security issues at one end, and to provide new insights and new problems for theoretical computer scientists and `normal’ economists at the other. In the commercial world, as in the world of diplomacy, there can be complex linkages between security arguments and economic ends.”
Excellent ressource. If only I could find the time to actually read it all :)