research-article

Open access

How Customer Demand Reactions Impact Technology Innovation and Security

Authors:

M. Lisa Yeo,

Erik Rolland,

Jacquelyn Rees Ulmer,

Raymond A. PattersonAuthors Info & Claims

ACM Transactions on Management Information Systems (TMIS), Volume 13, Issue 3

Article No.: 32, Pages 1 - 17

https://doi.org/10.1145/3505227

Published: 11 April 2022 Publication History

All formats PDF

Abstract

Innovation is a very important concern for both managers and governmental policy makers. There is an important interplay between security and technology innovation that is largely unrecognized in the literature. This research considers the case where technology innovation in the form of additional product features increases demand through greater functionality. However, the likelihood of a security breach increases with the number of product features as the features interact in unintended ways, thereby increasing the attack surface. Using a two-stage game, we demonstrate how potential demand changes (from direct risk or externalities) impact firm technology innovation strategy. The analysis shows that the type and extent of customer demand reaction has a significant impact on innovative feature development. This research identifies two potential impacts on the level of innovation that can be strategically managed - the impact of externalities on demand and industry risk - explaining how these forces alter the level of innovation in the product ecosystem. Additionally, high-security development is disincentivized, and leads to a type of competitive behavior where the opportunity window for high-security development for all firms is small.

1 Introduction

Innovation is a topic of great interest, and most of the discussion in the literature focuses on how an organization can increase their level of product or service innovation. This paper is not about what enables an organization to be more innovative than others, or how organizations can enhance their level of innovation. Rather, this paper uses a game-theoretic economic model to examine market forces related to security risks potentially leading to security breaches inherent in product innovation. This paper establishes our understanding of the impact of differing customer demand reactions to security breaches on feature innovation. We show that conditions under security breaches can either increase or decrease product demand and levels of product innovation in the market. The economic models presented in this paper can help firms better target innovation investments in the presence of ever-increasing security risks. Additionally, this paper establishes a baseline understanding of the influence of market risks on innovation for governmental policy makers tasked with overseeing security risks, including those around intentional or unintentional privacy breaches, without negatively impacting industry innovation.

Innovation is seen as a way to create value [10, 16]. Currently, embedding advanced technology features in products is seen as an important way to innovate. For example, Ostrovsky and Schwarz [23] imagine a future that relies on real-time decision making in an automated sensor network to track vehicle positioning and flow which, when coupled with self-driving cars, offer a real way to reduce traffic congestion. However, such an integrated system also means that every vehicle, and presumably every driver, would be completely track-able. This scenario could open the door for attackers to disrupt traffic systems and lead to injuries and even loss of life. In a less alarming, yet no less concerning scenario, individual vehicles and occupants could be tracked without permission, leading to potential privacy violations. Innovation in products, through the increase in product software features, increases the complexity of the system. This complexity creates room for unintentional errors and software defects, potentially creating software vulnerabilities in such systems. These vulnerabilities represent a portion of potential security risks for these products, along with more traditional security risks, such as malware. When attackers successfully exploit these vulnerabilities, security breaches are the result, which could result in data loss or other harm. Many countries, and most US states, have data breach notification laws, which require companies to notify victims of data breaches. These notification laws require firms to assume the expense of both recovering from the attack as well as notifying affected stakeholders. Companies might be also subject to lawsuits and other regulatory action. Regulation such as the European Union’s General Data Protection Regulation (GDPR) has taken the approach of punishing companies that are victims of attack with heavy fines [19]. This “stick” type of regulation can reasonably be expected to further dampen service and product innovation.

Innovative change is characterized as a process of movement through three overlapping stages, which includes more than just the innovation itself: invention, the innovation itself, and diffusion [4, 18]. Within this framework, an invention is some artifact or idea that could have economic value, whereas innovation is the process by which inventions become usable. The last stage, diffusion, is the spread of capacity to use or take advantage of an innovation. Hamel [10] posits that innovation is a driver of organizational competitiveness. Indeed, innovation through technology is often viewed as a primary mechanism for newcomers to succeed despite their resource disadvantage, but innovation with technology can also be a way for incumbents to renew their success.

The more complex the project or service, the more difficult innovation becomes. Sharma et al. [26] demonstrate that supply chain innovation exhibits a diminishing return, which is consistent with the idea that the more complex something is, the less marginal impact each additional innovation will have on desired outcomes. Modularizing product design is one method that has been used to manage the impact of product complexity on innovation [27]. In terms of technology adoption in general, complexity, or perceived complexity, has long been viewed as an inhibitory factor [11, 28, 34, 35]. However, software complexity is also known to exacerbate security issues [1]. The adoption of IS security measures involves both the firm that develops the innovation and the customer who must assimilate that innovation into their activities, where higher information system (IS) security complexity inhibits adoption [9]. Nelson and Madnick [21] find that strong cybersecurity creates a natural tension with the value derived from innovation and excessive risk required to obtain the innovation.

Is there evidence in the literature that consumers change demand behaviour as the result of a cyber security breach? Wang et al. [30] find that users seek out information security-related knowledge when cyber-attacks occur, and they point out that people react similarly to both physical and cyber attacks. A logical extension is to ask whether users might act on this information and change purchasing behavior. Jeong et al. [13] perform an event study that provides evidence for the assertion that information security breaches do in fact affect the stock price in information technology (IT) intensive industries where a very strong competition effect was found. We assert that stock price changes should reflect investor expectations of consumer demand changes. Zafar et al. [33] found that breaches affect the financial performance of other firms that were not breached, indicating that market externalities exist when IS security breaches occur. Wang et al. [31] show that IT security investments made prior to a security breach dampen the negative stock price impact of the breach. They also showed that when the specific breach was anticipated by the attacked firm, as shown by the 10K disclosures, the stock market reaction was minimal. Thus, we find strong evidence in the literature of a relationship between IS security investments and stock prices, which imply a consumer reaction to security breaches.

Combining these concepts, we assert a relationship between innovation, product features, and vulnerabilities. That is, innovation is manifested as additional features which increase complexity. The increased complexity then leads to opportunity for security breaches as noted above. Figure 1 illustrates the innovation-security breach cycle, where an innovation is turned into product or service features which create security vulnerabilities. These vulnerabilities are exploited and the result is a security breach which impacts consumer demand.

Fig. 1.

An illustrative example of the innovation-security trade-off can be seen in the mobile phone platform ecosystems, such as Google Play and the Apple App Store. These systems are based on distinct mobile phone operating systems: Android and iOS, respectively. For the Android open operating systems platform, smartphone manufacturers and resellers may modify or extend the system to add functionality. Wu et al. [32] analyzed this common practice of vendors tailoring the Android operating system to their smartphone handsets; such modifications come at a security cost in that an average of about 86% of all preloaded apps are over-privileged. An over-privileged app over-shares with third parties, thereby violating consumer privacy expectations [24]. Foerderer [7] investigated the impact of interfirm interchange among Apple developers on complementary innovation. In addition, the majority of the vulnerabilities found (65–85%) stemmed from vendor customization, and it was found that newer smartphone models are not necessarily more secure than older models [32].

Using data from the National Vulnerability Database [22], we verify that the relative rate of vulnerability discovery is higher for Android than iOS (Figure 2). Figure 2 summarizes the vulnerabilities discovered in the 12 months ending April 30, 2017 based on the National Vulnerability Database [22]. The number of Apps in the figure are as of September 30, 2017. Unsurprisingly, we see that there are more apps available for Android devices, and thus more functionality and implicit innovation. A higher relative rate of vulnerability discovery for the system with more features (i.e., Android) would imply that the excess vulnerabilities in Android could be the result of additional interaction complexities between additional features. Our observations regarding Android versus iOS are not proof of the existence of the innovation-security tradeoff, but rather provide only circumstantial evidence.

Fig. 2.

The above observations, combined with the reality of finite development time, mean firms face important trade-offs regarding feature development, testing, and security [3, 5]. Since features offer a salient value proposition while security does not, there is an unsurprising tendency to rush products to market before they are fully tested and secured. Even when software firms offer regular updates and patching, their customers often have a difficult task of keeping systems updated in a timely manner [12]. Additionally, we could think of time-to-market relative to a competitor as yet another feature of innovation, at least in terms of how customers react to early availability. Shorter time-to-market would be expected to increase the number of vulnerabilities.

One way of creating innovation with technology is to add features to a technology product, website, or other artifact. Using the vehicle example from above, a unique innovation contributing to Tesla’s success is their ability to upload “over-the-air software” with post-production innovations such as self-driving features and range expansion to older vehicles [6]. This innovation has increased the longevity and performance of Tesla’s older model electric cars. Lyytinen and Rose [17] shows that technology-enabled innovation can be related to the product, service, organization and market. With the advances in platform technologies [2], rapid diffusion has been made possible, further increasing the rate of innovation at every level. Artificial intelligence tools and big data have enabled innovative insurance products where insurers can more accurately categorize risk, pricing products more appropriately, but also introducing concerns regarding security, and therefore privacy, of user data [14]. We make the assumption for the purposes of this research that there is no privacy without security. Integrated autonomous vehicles, geolocation systems, and road sensors have the ability to improve transportation [23] while introducing serious security and privacy implications.

Software vendors have been credibly accused of pushing additional features quickly to customers at the cost of decreased security in their software [25, 29]. Additionally, some features that add functionality do so at the explicit cost of privacy. The discovery of previously undisclosed collection or use of personal data in excess of what the user expects can indeed be construed as a security breach.

This tunnel vision on additional features results in an increased number of vulnerabilities remaining within the source code of the consumer software. As developers have finite time to introduce features and perform testing on those new features, vendors make explicit trade-offs between functionality, ease of use, and security [3, 5]. Websites also experience this explicit innovation-security tradeoff. However, there is evidence of customer push-back when the potential downside is too great. For example, in website contexts for which users have higher privacy concerns, firms reduce their reliance on third-party providers of website functionality; Gopal et al. [8] find lower utilization of third party providers for website functionality when users experience higher privacy concerns. Thus, we observe a need for a firm to balance investments in features, the security of those features, and the customer demand reaction to both.

In this paper, we utilize analytic modeling to examine the Innovation-Security Breach Cycle. The contribution of this paper is to understand how innovation is influenced by user security concerns and adverse events such as security breaches. Under market conditions where user security concerns impact demand, higher levels of innovation observed in more competitive market segments are shown to be impacted by user security concerns manifested through differing customer demand reactions to security breaches as a mechanism that causes more or less innovation. Security concerns are shown to impact the level of innovation in services or products with embedded software technology. In doing so, we recognize differing consumer demand reactions to security violations, and we focus on how these differing reactions may impact the level of innovation in product and service design. An assumption of this paper is the law of unintended consequences [20] as it relates to complex technology-enabled product and service design: more interaction between more features create more opportunities for adverse events related to service and product safety which we consider to be security breaches. Because software technology is often the source of innovative features, we ask “How do firms balance the benefits of innovation versus their unintended consequences?”

2 Model

We consider the case where additional product features increase demand through greater functionality. The likelihood of a security breach increases with the number of product features as the product features interact in unintended ways, thereby increasing the possibility of unanticipated vulnerabilities. In this market, the demand for a product of firm i is impacted by the number of features and the realized risk of a security breach, such as when customers observe an IT security breach at either firm i itself or at a competing firm. Using a two-stage game, we demonstrate how potential demand changes (from risk or externalities) impact firm strategy. Our experiments illustrate that firms must balance the number of features in their product or service with the potential security risks, given the changes in customer demand when security breaches occur. We consider a symmetric duopoly with two identical profit-maximizing firms, Firm 1 and Firm 2. In the first stage, each firm decides their developer type; low security (L) or high security (H). In the second stage, each firm must decide the level of investment in product features. An increase in features leads to an increase in quantity demanded for a firm’s product; H-type developers incur an additional cost for feature development, \(\alpha \ge 0\) , which affects the expected profit. However, additional features expose the firm to higher risk of a security breach, which in turn decreases demand for the firm’s products. This risk of security breaches is mitigated for H-type developers. We use a standard economic model to establish quantity demanded for each firm under the condition that the entire system is in a ‘good’ state (i.e. there have been no security breaches). The parameters and decision variables are defined in Table 1.

Table 1.

Parameter	Definition
\(z_i\)	Level of investment in features for firm \(i\) , \(z_i \ge 0, i=1,2\) (decision variable).
\(\kappa _i\)	Decision by firm \(i\) to be a low ( \(\kappa _i=0\) ) or high ( \(\kappa _i=1\) ) security developer.
\(\Gamma\)	Set of joint security development types. \(\Gamma =\lbrace LL, LH, HL, HH\rbrace\)
\(\gamma\)	A joint security development type. \(\gamma \in \Gamma\)
\(S\)	Set of joint firm states. \(S=\lbrace gg, gb, bg, bb\rbrace\)
\(s\)	A joint firm state. \(s\in S\)
\(P_s\)	Probability of state \(s\) .
\(D_{i,s}\)	Demand for firm \(i\) when system is in state \(s\) ; note that \(D_{i,gg}=q_i\)
\(q_i\)	Inherent demand quantity for firm \(i\) in absence of adverse events
\(a\)	Feature attractiveness, as captured by the slope of the demand function
\(\Lambda\)	Base security breach arrival rate for the industry.
\(\lambda _i\)	Effective security breach arrival rate for firm \(i\) .
\(1/\mu _i\)	Expected duration of a security breach for firm \(i\) .
\(\rho _i = \Lambda /\mu _i\)	Composite firm-industry risk measure for a firm, \(i\)
\(r_{i}\)	Firm \(i\) ’s direct-risk elasticity of demand, or simply direct-risk.
	\(0\le r_{i} \le 1\)
\(e_{i}\)	Firm \(i\) ’s demand changes due to externalities.
	\(-1\le e_{i}\le 1\)
\(\pi _i\)	Per unit profit for firm \(i\) , excluding feature investment; \(\pi _i\ge z_i\)
\(\mu\) , \(\rho\) , \(r\) , \(e\) , \(\pi\)	Symmetric versions of \(\mu _i\) , \(\rho _i\) , \(r_{i}\) , \(e_{i}\) , and \(\pi _i\)
\(\alpha\)	Feature cost inflation due to high-security development.
\(E[\Pi _i]\)	Total expected profit for firm \(i\) , or simply profit

Table 1. Parameters and Decision Variables

We build our model using the following assumptions.

Assumption 1.

We consider a system of two firms where each firm makes choices regarding the features to include in their product. An increased investment in features leads to an increase in the number, or sophistication, of features offered.

For simplicity, the decision variable in our model is feature investment, \(z_i\) , \(i=1,2\) .

Assumption 2.

Each firm decides their ‘developer type’, which is whether to be a low- or high-security developer.

The decision variable, \(\kappa _i \in \lbrace 0,1\rbrace\) captures this decision where \(\kappa _i=1\) means firm \(i\) has chosen to be a high security developer and \(\kappa _i=0\) means firm \(i\) has chosen to be a low security developer. The set of joint firm developer types is \(\Gamma =\lbrace LL, HL, LH, HH\rbrace\) . The decision to be a high-security developer impacts the cost of feature development by some amount, \(\alpha \ge 0\) . Thus, the cost of feature development is \((1+\alpha \kappa _i)z_i\) . The joint firm developer types are tabulated in Figure 3.

Fig. 3.

Assumption 3.

All things being equal, quantity demanded is a function of the features only; as features increase, demand also increases. To model demand we use a linear demand function.¹

\begin{equation} q_i=1+az_i, \text { where }i=1,2 \end{equation}

(1)

Assumption 4.

Once a security breach has been announced, the affected firm is defined to be in a ‘bad’ state. Each firm may be in either a good ( \(g\) ) or bad ( \(b\) ) state, independent of the other. The set of joint firm states is \(S=\lbrace gg, bg, gb, bb\rbrace\) where, for example, \(gg\) represents the joint state that Firm 1 is in a good state and Firm 2 is also in a good state.

Note that a firm returns to a “good” state when consumers “forget” the earlier security breach. We model this duration as a random variable, as explained in Assumption 5 below.

Assumption 5.

Security breaches follow a Poisson process as a series of independent attacks against the firm.

As in Kolfal et al. [15], we consider \(\Lambda\) to be the base arrival rate of successful attacks for the system (or industry), although not all attacks are successful. A successful attack is one that results in a publicly known security breach that affects consumer demand. We use the terms ‘successful attack’ and ‘security breach’ interchangeably.

Increasing product features also increases the opportunity for an attack to be successful. Let \(\lambda _i= (1+z_i)\Lambda\) for firm \(i=1,2\) be the arrival rate of successful attacks (i.e. security breaches). When a firm experiences a successful attack, the effects will last for a random length of time. Event duration follows an exponential distribution with expected length \(1/\mu _i\) for \(i=1,2\) . While it is possible for firms to affect the expected duration of an event, we do not model this decision. See Figure 4 for an illustration of the state diagram showing the joint firm states that create the steady state probabilities.

Fig. 4.

We are now able to calculate the steady state probabilities for our model as:

\[\begin{eqnarray} P_{gg}=\frac{(\kappa _1+1) (\kappa _2+1)}{(\rho _1 (z_1+1)+\kappa _1+1) (\rho _2(z_2+1)+\kappa _2+1)} \end{eqnarray}\]

(2)

\[\begin{eqnarray} P_{bg}=\frac{\rho _1(\kappa _2+1) (z_1+1)}{(\rho _1(z_1+1)+\kappa _1+1) (\rho _2 (z_2+1)+\kappa _2+1)} \nonumber \nonumber\\ P_{gb}=\frac{\rho _2(\kappa _1+1) (z_2+1)}{(\rho _1 (z_1+1)+\kappa _1+1) (\rho _2 (z_2+1)+\kappa _2+1)} \nonumber \nonumber\\ P_{bb}=\frac{\rho _1 \rho _2 (z_1+1) (z_2+1)}{(\rho _1 (z_1+1)+\kappa _1+1) (\rho _2 (z_2+1)+\kappa _2+1)} \end{eqnarray}\]

(3)

where \(\rho _i =\Lambda /\mu _i\) , \(i=1,2\) . The parameter \(\rho _i\) can be thought of as a composite firm-industry risk measure, for firm \(i\) .

Assumption 6.

When a firm experiences a successful attack, then demand for that firm’s product decreases. We define this percentage change in demand due to a firm’s own security breach as the direct-risk elasticity of demand and model it as:

\begin{equation} r_{i} \in [0,1] \end{equation}

(3)

As noted in the Introduction section, Jeong et al. [13] demonstrate that information security breaches impact the stock price of organizations in information technology (IT) intensive industries where there is strong competition. We assert that stock price changes should reflect investor expectations related to changes in consumer demand.

Assumption 7.

When a focal firm’s competitor experiences a successful attack, then demand for the focal firm’s product may increase or decrease. We define this percentage change in demand due to a competitor’s security breach as the externality impacting demand and model it as:

\begin{equation} e_{i} \in [-1,1], \text { where } e_{i} +r_{i} \le 1 \end{equation}

(4)

Zafar et al. [33] showed that breaches impact the financial performance of other firms that remain unbreached, indicating that market externalities exist when IS security breaches occur. For a negative externality ( \(e_{i}\lt 0\) ) some customers will switch from the affected firm to the unbreached competitor and we call this case “Substitutes in Loss” (or “substitutes” for short). Conversely, for a positive externality ( \(e_{i}\gt 0\) ) some of the unbreached competitor’s customers will also leave the market and we label this case “Complements in Loss” (or “complements” for short). We note that Assumptions 6 and 7 mirror the modeling approach in Kolfal et al. [15].

Assumption 8.

Firms are symmetric in all parameters.

For tractibility, firms are assumed to be symmetric in all parameters. Thus, we drop the subscript \(i\) for direct-risk ( \(r\) ), externality ( \(e\) ), composite firm-industry risk measure ( \(\rho\) ), expected duration of a security breach ( \(1/\mu\) ), and per-unit profit ( \(\pi\) ). Thus we can model the demand equations for the set of joint firm states \(S\) as:

\begin{align} D_{1,gg}&=q_1, \qquad \qquad \quad \!D_{2,gg}=q_2 \end{align}

(5)

\begin{align} D_{1,bg}&=q_1(1-r),\qquad D_{2,bg}=q_2(1-e) \nonumber \nonumber\\ D_{1,gb}&=q_1(1-e),\qquad D_{2,gb}=q_2(1-r) \nonumber \nonumber\\ D_{1,bb}&=q_1(1-r-e),\quad \!\!\!D_{2,bb}=q_2(1-r-e) \end{align}

where \(q_i, i=1,2\) is given by (1).

3 Model Analysis

Firms’ per unit profit excluding new feature investment, \(\pi\) , is known and fixed. Consequently, a firm’s marginal profit is taken as \(\pi -(1+\alpha \kappa _i)z_{i}\) , which must be positive ( \(\pi -(1+\alpha \kappa _i)z_{i}\gt 0\) ) as a participation constraint. The profit for firm \(i\) when firms are in joint state \(s\) (with probability \(P_{s}\) ) is \(D_{i,s}(\pi -(1+\alpha \kappa _i)z_{i})\) . Firms maximize their expected profit, which is derived for firm \(i\) as:

\begin{equation} \begin{array}{rcl} \displaystyle E[\Pi _i] \!\!\!&=&\!\!\! \displaystyle \sum _{s \in S}{P_{s} D_{i,s}}(\pi -(1+\alpha \kappa _i)z_i) =(P_{gg}D_{i,gg}+P_{bg}D_{i,bg}+P_{gb}D_{i,gb}+P_{bb}D_{i,bb})(\pi -(1+\alpha \kappa _i)z_i),\\ && \displaystyle \text { for } i=1,2 \end{array} \end{equation}

(6)

To find optimal feature investment, we must examine the first order conditions for the expected profit. We begin by setting \(\frac{\partial E[\Pi _i]}{\partial z_i}=0\) in (7):

\begin{align} \frac{q_i M_i \rho A_i ((1+\kappa _i)(1+\kappa _j)+(1-r-e)(1+z_j)\rho)+ B (a M_i A_i -q_i M_i \rho -q_i A_i (1+\kappa _i \alpha))}{A_i^2 A_j} = 0 \end{align}

(7)

where \(i,j\in {1,2}\) , \(i\ne j\) and

\begin{align*} M_i &=\pi -(1+\alpha \kappa _i)z_i, \\ A_i &=1+\kappa _i+\rho (1+z_i), \\ A_j &=1+\kappa _j+\rho (1+z_j), \\ B &=(1+\kappa _i)(1+\kappa _j)+(1-r)(1+\kappa _j)(1+z_i)\rho +(1-e)(1+\kappa _i)(1+z_j)\rho \\ &\quad +(1-r-e)(1+z_i)(1+z_j)\rho ^2 \end{align*}

The solution to (7) contains three roots for each firm, although only one root provides feasible investment choices in the real domain. Based on numerical calculations, we next present a series of observations.

3.1 Observations

While we are able to obtain closed-form analytical solutions to our model, the results are complex and thus thwart further interpretation. Thus, to better understand the firm reactions to different demand changes from externalities, we use numerical analysis to explore our model. From that analysis, we have several interesting observations.

To begin, we set the penalty for secure development, \(\alpha\) , to zero to understand how demand reaction alone would impact feature investment. It could reasonably be expected that if secure development is more costly, then cost alone could be driving the results, so we sought to isolate this effect.

With \(\alpha =0\) , we examine the three possible cases for security development types: Case 1 - both firms choose to be low-security developers (i.e. \(\gamma =LL\) ); Case 2 - one firm chooses to be a high-security developer while the other remains a low-security developer (i.e. \(\gamma =\lbrace HL,LH\rbrace\) )²; and Case 3 - both firms choose to be high security developers (i.e. \(\gamma =HH\) ). Without loss of generality, we selected firm 1 as the H-type developer in Case 2.

Observation 1.

When security is cost-less (i.e. \(\alpha =0\) ), all firms will choose to be high security developers.

Firms can unilaterally increase profits by choosing to be a high security developer. That is, the expected profit for the H-type firm in joint developer type \(\gamma =\lbrace HL,LH\rbrace\) is strictly higher than the expected profit when both firms are L-types, as illustrated in Figure 5. Thus, it is in each firm’s self-interest to choose to be H-type. As a result, both will choose to be high security developers. It should be noted, however, that there is no guarantee that expected profit in the joint developer type \(\gamma =HH\) will be higher than that for the single H-type developer in the joint type \(\gamma =\lbrace HL,LH\rbrace\) .

Fig. 5.

The equilibrium level of feature investment is highest when firms are substitutes in loss and lowest when they are complements in loss. As shown in the three case scenarios in Figure 6, firms will invest in the fewest features when they are complements in loss (marked by the green dot, southwest most point). That is, for positive externalities, \(e\gt 0\) , demand decreases for both firms when one firm experiences a security breach. They will invest in the most features when they are substitutes in loss (blue dot, northeast most point in Figure 6). That is, for negative externalities, \(e\lt 0\) , demand increases for the unaffected firm since customers switch from an affected firm to the competitor after a security breach occurs. This result is true not only when security is free (i.e. \(\alpha =0\) ), but also when high-security development is costly (i.e. \(\alpha \gt 0\) ). When firms experience no externalities, \(e=0\) , then the equilibrium level of feature investment is represented by the yellow dot on the imaginary line connecting (or between) the other two dots. Thus, we can conclude that the substitutes case where \(e\lt 0\) results in an increase in feature investment compared to the neutral case where \(e=0\) . In contrast, the complements case where \(e\gt 0\) results in a decrease in feature investment compared to the neutral case where \(e=0\) . Thus, externalities can have opposite impacts on feature investment, depending on the type of customer demand reaction to security breaches. Substitute externalities increase feature investment, but as observed in Figure 6, the increase is relatively small. In contrast, complement externalities decrease feature investment, and as observed in Figure 6, the decrease can be relatively quite large. In other words, the downside risks of complement externalities can have a substantial dampening effect on the optimal equilibrium level of feature investment.

Fig. 6.

Features come at the cost of security. That is, any time the choice is to develop features that are more secure, there will be fewer features developed, even if security has no additional cost. Figure 6 illustrates this point; the equilibrium feature investment for the H-type firm in case 2 ( \(\gamma =\lbrace HL,LH\rbrace\) ) and both firms in case 3 ( \(\gamma =HH\) ) are lower than in case 1 ( \(\gamma =LL\) ). Given this assertion, Observation 1 means that fewer features are developed even when there is no cost to security.

Equilibrium expected profit is highest when firms are substitutes in loss and lowest when firms are complements in loss.³ When firms make the same choice regarding the level of security for feature development (that is, where \(\gamma \in {HH, LL}\) ), firm profits are equal. However, when one firms chooses H-type development while the other chooses L-type (i.e. \(\gamma = HL\) ), the firm that chooses high-security development realizes higher profits than the low-security developer. In particular, we find:

\[\begin{eqnarray} \Pi _L^{HL}\lt \Pi _L^{LL}\lt \Pi _H^{HH}\lt \Pi _H^{HL}, &\text {when } e\lt 0 \end{eqnarray}\]

(8)

\[\begin{eqnarray} \Pi _L^{LL}=\Pi _L^{HL}\lt \Pi _H^{HL}=\Pi _H^{HH}, &\text {when } e=0 \end{eqnarray}\]

(9)

\[\begin{eqnarray} \Pi _L^{HL}\lt \Pi _L^{LL}\lt \Pi _H^{HL}\lt \Pi _H^{HH}, &\text {when } e\gt 0 \end{eqnarray}\]

(10)

where the notation \(\Pi _k^\gamma\) represents the expected profit of firm selecting security development type \(k\in {H,L}\) when the joint security development is of type \(\gamma\) .

When the firms are complements in loss ( \(e\gt 0\) ), the number of features offered and the profits will be lower (even for the same number of features) than when demand is unaffected by security breaches ( \(e=0\) ) or with substitute externalities ( \(e\lt 0\) ). This type of synchronized competitive situation reduces both innovation and profitability for complement externalities ( \(e\gt 0\) ). The relationships 8–10 show that each firm is better off when \(e\ge\) 0 when both firms choose H-type development.

The model so far has been examined for the case where there are no increased costs for high security development; that is, \(\alpha =0\) . We find that when we consider increased costs for high security development, feature investment is decreasing in \(\alpha\) for the high-security firm(s), as expected. Likewise, expected profits are decreasing in \(\alpha\) for any firm choosing to be an H-type developer. A low security development firm incurs no additional costs, thus it is unaffected by changes in \(\alpha\) . Typically, we would assert that there must be some cost to high security.⁴ Thus, in reality \(\alpha \gt 0\) , and it will not logically be equal to zero in most situations. However, we have examined this rather unrealistic case to see what it would suggest. Next, we consider positive cost for security, \(\alpha \gt 0\) , to create perhaps more realistic insights. In this case, we show that adding even a small cost will cause the equilibrium in the model to settle at a point where low security investment for both firms is optimal, resulting in fewer features and lower security.

Observation 2.

With even a small increase in cost to develop secure features, both firms will select low security development.

Unlike the case where high security development is free ( \(\alpha =0\) ), introducing a penalty for secure development leads to both fewer features and lower profits in all cases for H-type developers, except under very specific conditions (see Figure 7). When firms are complements in loss and the cost for secure development is very small (e.g. \(\alpha \le 0.01\) ), then it is possible that profits in the case \(\gamma =HH\) are higher than in the other joint development cases. However, unlike the situation where \(\alpha =0\) , firms will not unilaterally choose to be H-type developers; some form of coordination is required to achieve the HH joint state. Thus, a prisoner’s dilemma exists for these very specific conditions.

Fig. 7.

Observation 3.

When in substitutes or no externality cases (i.e. \(e\le 0\) ), the higher cost H-type development (i.e. \(\alpha \gt 0\) ) dominates the decision of the firm; profits are never better for H-type development when \(\alpha \gt 0\) . However, in the complements case ( \(e\gt 0\) ), if the added cost of H-type development is sufficiently small, then a prisoner’s dilemma emerges. Neither firm can do better by unilaterally choosing to be an H-type developer although, if both firms cooperated and jointly choose to be H-type developers they will both be better off. That is, for the complements case, expected profit may be highest when the joint developer type is \(\gamma =HH\) , provided the added cost of H-type development is sufficiently small.

3.2 Parameter Sensitivity

We next examine how key parameters impact optimal feature investment, \(z_i^*\) , and expected profit, \(E[\Pi _i^*]\) , through a combination of partial derivatives and numerical analysis.

The parameter \(a\) can be thought of as representing the attractiveness of features. Its direct effect is to alter the slope of the inherent demand given by (1). Unsurprisingly, numerical analysis shows that both feature investment and expected profit are increasing in \(a\) :

\begin{align} \frac{\partial z_i}{\partial a} \gt 0 &&\frac{\partial E[\Pi _i]}{\partial a}\gt 0 \end{align}

(11)

The riskiness of the industry, \(\rho\) , has an interesting effect on the optimal feature investment curve. As illustrated in Figure 8, when \(\rho\) makes small increases above zero, we see a sharp decrease in the optimal feature investment. However, as \(\rho\) continues to increase, the decline in the optimal feature investment will reach a minimum and then slowly rise as \(\rho\) continues to increase. Overall, the substitutes case has the highest feature development. This pattern holds for all cases of security decisions and is similar to that found in Kolfal et al. [15] where it was shown that security spending increased initially then fell as \(\rho\) increased. In our model, reducing feature spending reduces the attack surface which is effectively the same as increasing security spending in Kolfal et al. [15].

Fig. 8.

Further, Figure 9 illustrates that for the complements and no externality cases, ( \(e\ge 0\) ), expected profits are decreasing. However, in the substitutes case ( \(e\lt 0\) ), expected profits initially increase until a threshold value, \(\rho _T\) is reached, then profits decrease. The result for the substitutes case ( \(e\lt 0\) ) is in contrast to the result found in Lemma 2 of Kolfal et al. [15], since the increasing investment in features impacts the per unit profit margin. In Kolfal et al. [15], per unit margins were improved by reducing security spending for riskier environments.

Fig. 9.

To some extent, \(\rho\) can be managed. For example, the control that Apple exerts over its product ecosystem and app developers through its app store can be interpreted as an example of a successful attempt to reduce its \(\rho\) . The model clearly predicts that decreasing \(\rho\) from high levels will increase firm profits, with only a small effect on feature investment. Feature investment is lowest, though, for riskiness near zero.

Optimal feature investment and expected profit are decreasing in direct-risk elasticity of demand, as well as in demand externalities. We show Figure 10 for only one value of direct risk, \(r=.5\) , as this provides the widest range of possible values for demand changes due to externalities, given the constraints in Assumptions 6 and 7. Recall, also, that firms are considered substitutes in loss when \(e\lt 0\) and complements in loss when \(e\gt 0\) . Thus, this sensitivity analysis confirms the observation that feature investment is higher for substitutes than complements. Feature investments increase for substitute externalities and decrease for complement externalities. The slope of investment changes due to externalities is steeper for complements externalities than for substitute externalities, as shown in Figure 10. In other words, the downside risks of complement externalities can have a substantial dampening effect on the optimal equilibrium level of feature investment.

Fig. 10.

Examination of Figure 10 reveals an interesting insight. Notice the difference in the way the feature investment lines behave versus the way the expected profit lines behave as \(e\) increases from left to right. The feature investment curves asymptotically on the left side when \(e\lt 0\) , and expected profit does not. This illustrates that profit is not just about the number of features that you create; profits and features are clearly correlated, although in a non-linear manner. Expected profits, in contrast to feature investment, are linearly decreasing in \(e\) , and \(e\) is driving both feature investment and profits.

4 Discussion and Conclusions

In this paper, we propose a model to evaluate the trade-off between innovation and the risk that is inherently brought on by that innovation. Innovation may cause unanticipated risk for the customer, such as the potential for security breaches caused by unforeseen exposures created through the product ecosystem. The change in demand from the externalities that a firm faces has a substantial impact on the level of innovation that they offer to the customer. This causes a firm to offer either more or fewer innovations than in an environment with no externalities. Different innovation levels are driven by how customers react to the risk imposed on them by the product ecosystem.

We have explored conditions where firms make trade-offs between offering additional features to an IT-related product or service and the marginal decrease in security. The game theoretic economic model presented in this paper illustrates that investment in feature development and subsequent profits are substantially impacted by the demand changes due to externalities for adverse events such as security breaches. The impact of externalities for the product are divided into two distinct categories. The first is complements-in-loss, whereby adverse events experienced by customers at a competing firm decrease the firm’s demand. It is shown that innovation and profits are reduced when the direction of demand reaction to a security breach at one firm is synchronized across firms. In contrast, when demand reaction to a security breach at one firm inversely impacts the other firm, then innovation through additional features (and profits) are higher.

Efforts to control the risk associated with the product ecosystem, such as Apple’s tight control over their app store or a website’s exclusion of third-party functionality providers, will result in lower industry risk. The model illustrates that as the industry risk is reduced from high levels, the equilibrium level of innovation will decrease. Thus, tightly controlled product ecosystems such as Apple’s are expected to dampen innovation somewhat, but this negative impact on demand and profits could easily be offset if the firm is able to desynchronize risks vis-a-vis its competitors while reducing the risks for its customers. In contrast, the Android app store has fewer controls over app developers. The equilibrium level of innovation is higher when the industry risk is higher, as are the realized security breaches arising from the product ecosystem. The stronger control exerted by Apple over their platform environment, seems to have some benefits as far as security is concerned, but product ecosystem innovation as measured by the number of apps is also lower. Our model identifies two potential impacts on the level of innovation that can be strategically managed. The first cause is the level and direction of externalities due to security incidents on demand. The second cause is lower industry risk. Our model explains the impacts of both of these forces which alter the level of innovation in the product ecosystem.

There are many factors and variable values that remain somewhat abstract in this paper. The root causes of market conditions where user security concerns impact demand remain largely unspecified. The line of questioning would be “What does or does not causes those conditions?” This paper does not explicitly deal with the root causes of differences in market conditions, as this is outside our scope and is an avenue for future research.

This research has shown that high-security development is disincentivized, and leads to a type of competitive behavior where the opportunity window for high-security development for all firms is small. This, in turn, leads to innovations where high security is not the focus. Thus, the results indicate that industry security standards or governmental policy intervention are likely required to facilitate high-security solutions. Without such intervention, we would expect to observe the situation that we currently witness, which is a world in which high-security innovations are the exception.

Footnotes

A parabolic functional form for demand produces similar results.

Without loss of generality, we will examine only when firm 1 is H-type and firm 2 is L-type as results will be symmetric.

This holds for a parabolic demand function also.

⁴

Improved development methods may incorporate better security leading to fewer bugs and overall faster development. However, there is a cost to migrating to these development methods (e.g., retraining existing employees, managing process changes, investing in more advanced tools and equipment, etc.). While such increased investments may be temporary, training new employees in the process will likely represent an ongoing commitment.

References

[1]

Mamdouh Alenezi and Mohammad Zarour. 2020. On the relationship between software complexity and security. International Journal of Software Engineering & Applications (IJSEA) 11 (2020), 51–60. Issue 1. http://arxiv.org/abs/2002.07135.

Abstract

1 Introduction

2 Model

3 Model Analysis

3.1 Observations

3.2 Parameter Sensitivity

4 Discussion and Conclusions

Footnotes

References

Cited By

Index Terms

Recommendations

Organizational Innovation and Substandard Performance: When is Necessity the Mother of Innovation?

Organizational Innovation and Substandard Performance: When is Necessity the Mother of Innovation?

New Organizational Forms for Enhancing Innovation: The Case of Internal Corporate Joint Ventures

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

HTML Format

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations