A competitive analysis of software quality investment with technology diversification and security concern

Electronic Commerce Research

Abstract

Once installed by a larger population of consumers, software products become appealing targets for malicious agents, and consumers’ security concerns increase accordingly. Software vendors must balance quality investment that improves demand against the resulting security anxiety, particularly when deciding whether to adopt technology that is diversified from, or similar to, that of their competitors. The technology choice is challenging because choosing similar technologies can increase the degree of technology spillovers but, on the other hand, leads to more software vulnerabilities that are shared among the vendors’ software products. Considering these elements, this paper analyzes two competing software vendors’ quality investment in heterogeneous markets composed of a high-end market with a particular quality requirement and a low-end market. I reveal that, whether vendors target the high-end market or the low-end market, they may benefit from the risk of security threats because it may soften their price competition. An increase in the maximal potential of technology spillovers may harm the high-quality vendor even though it benefits the low-quality vendor. The high-quality vendor always benefits from the degree of technology diversification, while the low-quality vendor benefits only if the security risk is rather high. Meanwhile, I find that the two competing vendors may target the high-end market and the low-end market respectively, even though they are symmetric. Furthermore, I show that, compared with optimal industry market strategies, the vendors seem reluctant to be aggressive. Hence, the widely discussed argument that aggressive market strategies should be inhibited because of the resulting serious security concern is not always logical.


Notes

  1. I sincerely thank one reviewer for raising this interesting issue.


Author information

Corresponding author

Correspondence to **ng Gao.

Supplementary Information

Below is the link to the electronic supplementary material.

Supplementary file1 (DOC 1399 kb)


About this article

Cite this article

Gao, X. A competitive analysis of software quality investment with technology diversification and security concern. Electron Commer Res 23, 2691–2712 (2023). https://doi.org/10.1007/s10660-022-09558-4


  • DOI: https://doi.org/10.1007/s10660-022-09558-4
