Buggy software, buggy networks and buggy people make even the most carefully designed systems and processes vulnerable. Yet many of the problems can be explained more clearly and convincingly using the language of microeconomics: network externalities, asymmetric information, moral hazard, adverse selection, liability dumping and the tragedy of the commons. Information security is about power; while at the technical level it is about controlling who may use which resource and how, while at the level of business strategy it is increasingly about raising barriers to trade, segmenting markets and differentiating products. Often insecurity is welcome; for example, it may foster economic growth by making monopolies harder to defend.