Economics and Security Resource Page

Ross Anderson

Do we spend enough on keeping ‘hackers’ out of our computer systems? Do we not spend enough? Or do we spend too much? For that matter, do we spend too little on the police and the army, or too much? And do we spend our security budgets on the right things?

The economics of security is a hot and rapidly growing field of research. More and more people are coming to realise that security failures are often due to perverse incentives rather than to the lack of suitable technical protection mechanisms. (Indeed, the former often explain the latter.) While much recent research has been on ‘cyberspace’ security issues — from hacking through fraud to copyright policy — it is expanding to throw light on ‘everyday’ security issues at one end, and to provide new insights and new problems for ‘normal’ computer scientists and economists at the other. In the commercial world, as in the world of diplomacy, there can be complex linkages between security arguments and economic ends.

This page provides links to a number of key papers, conferences, the home pages of active researchers, relevant books, and other resources. Complementary pages include Alessandro Acquisti's privacy economics page, my security psychology page, Jean Camp's bibliography, and job ads for security economists.

Our annual bash is the Workshop on Economics and Information Security, last held at UC Berkeley in June 2016; the next one will be in UC San Diego on June 26-27 2017. See below for links to past workshops, for all the workshop papers to date, and for other conferences with some security economics content.

Introductory Papers

Economics of Privacy

See also Alessandro Acquisti's privacy economics page.

The Information Security Business

Economics of vulnerabilities

Relevant Theory Papers

Measuring Electronic Crime

Information Security Regulation

Copyright and Rights Management

Miscellaneous Papers


The event to aim for if you want to keep up with research in this field and get to know people is WEIS – the Workshop on the Economics of Information Security, which happens every June. WEIS 2017 will be held at UC San Diego on 26-27 June.

These links give you access to all the conference papers.

The Security and Human Behaviour workshop brings security engineers together with psychologists, behavioral economists and others. The 2016 workshop will be in Harvard. See

Other relevant conferences include:

Community – Home Pages of People Interested in Security Economics


Other Resources

Here are some suggestions for further reading: