The OCED has officially released the “Economics Of Malware: Security Decisions, Incentives and Externalities” a study co-authored by IGP Scientific Committee member Michel van Eeten and Johannes Bauer. From the paper:

Malicious software, or malware for short, has become a critical security threat to all who rely on the Internet for their daily business, whether they are large organisations or home users. While originating in criminal behaviour, the magnitude and impact of the malware threat are also influenced by the decisions and behaviour of legitimate market players such as Internet Service Providers (ISPs), software vendors, e-commerce companies, hardware manufacturers, registrars and, last but not least, end users. This working paper reports on qualitative empirical research into the incentives of market players when dealing with malware. The results indicate a number of market-based incentive mechanisms that contribute to enhanced security but also other instances in which decentralised actions may lead to sub-optimal outcomes – i.e. where significant externalities emerge.

The study is referenced extensively in the Ministerial Background Report, “Malicious Software (Malware): A Security Threat to the Internet Economy“, that was prepared for the upcoming OECD Ministerial meeting to be held in Seoul, Korea Jun 17-18 on the “Future of the Internet Economy”. The Background Report is being used to inform policymakers, including civil society, governments and the private sector, “about the evolution and impact of malware, as well as the counter-measures being taken. It concludes with suggestions for greater co-operation across the various international communities addressing malware.”