{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T02:03:29Z","timestamp":1780625009355,"version":"3.54.1"},"reference-count":37,"publisher":"Oxford University Press (OUP)","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["J Cyber Secur"],"published-print":{"date-parts":[[2016,12]]},"DOI":"10.1093\/cybsec\/tyw002","type":"journal-article","created":{"date-parts":[[2016,12,24]],"date-time":"2016-12-24T09:07:03Z","timestamp":1482570423000},"page":"29-41","source":"Crossref","is-referenced-by-count":43,"title":["The economics of mandatory security breach reporting to authorities"],"prefix":"10.1093","volume":"2","author":[{"given":"Stefan","family":"Laube","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Rainer","family":"B\u00f6hme","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"286","published-online":{"date-parts":[[2016,12,22]]},"reference":[{"key":"2016123008051110000_2.1.29.1","doi-asserted-by":"crossref","first-page":"33","DOI":"10.3233\/JCS-2009-0398","article-title":"The impact of information security breaches: Has there been a downward shift in costs?","volume":"19","author":"Gordon","year":"2011","journal-title":"J Comput Secur"},{"key":"2016123008051110000_2.1.29.2","doi-asserted-by":"crossref","unstructured":"Fischer-H\u00fcbner S. IT-Security. In: Goos G Hartmanis J van Leeuwen J (ed). IT-Security and Privacy: Design and Use of Privacy-enhancing Security Mechanisms, Vol. 1958, Lecture Notes in Computer Science. Berlin, Heidelberg: Springer, 2001, 35\u2013105.","DOI":"10.1007\/3-540-45150-1_3"},{"key":"2016123008051110000_2.1.29.3","unstructured":"PwC. Managing cyber risks in an interconnected world Key\u2013findings from The Global State of Information Security Survey 2015. Technical report. PricewaterhouseCoopers (PwC), 2015."},{"key":"2016123008051110000_2.1.29.4","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1080\/10864415.2004.11044320","article-title":"The effect of Internet security breach announcements on market value: Capital market reactions for breached firms and Internet security developers","volume":"9","author":"Cavusoglu","year":"2004","journal-title":"Int J Electron Commerce"},{"key":"2016123008051110000_2.1.29.5","doi-asserted-by":"publisher","DOI":"10.1023\/A:1024119208153"},{"key":"2016123008051110000_2.1.29.6","doi-asserted-by":"crossref","unstructured":"Anderson R B\u00f6hme R Clayton R , . Security economics and the internal market. Technical report. European Network and Information Security Agency (ENISA), 2008.","DOI":"10.1007\/978-0-387-09762-6_3"},{"key":"2016123008051110000_2.1.29.7","doi-asserted-by":"crossref","first-page":"236","DOI":"10.1016\/j.clsr.2013.03.003","article-title":"The challenge and imperative of private sector cybersecurity: An international comparison","volume":"29","author":"Hiller","year":"2013","journal-title":"Comput Law Sec Rev"},{"key":"2016123008051110000_2.1.29.8","unstructured":"State security breach notification laws. Available at http:\/\/www.ncsl.org\/research\/telecommunications-and-information-technology\/security-breach-notification-laws.aspx (19 May 2016, date last accessed)."},{"key":"2016123008051110000_2.1.29.9","unstructured":"Dekker M Karsberg C Daskala B. Cyber incident reporting in the EU \u2013 An overview of security articles in EU legislation. Technical report. European Network and Information Security Agency (ENISA), 2012."},{"key":"2016123008051110000_2.1.29.10","doi-asserted-by":"crossref","first-page":"186","DOI":"10.1287\/isre.1050.0053","article-title":"The economic incentives for sharing security information","volume":"16","author":"Gal-Or","year":"2005","journal-title":"Inform Syst Res"},{"key":"2016123008051110000_2.1.29.11","unstructured":"Acquisti A Friedman A Telang R. Is there a cost to privacy breaches? An event study. In: Workshop on Economics of Information Security (WEIS), University of Cambridge, UK, 2006."},{"key":"2016123008051110000_2.1.29.12","unstructured":"Romanosky S Telang R Acquisti A. Do data breach disclosure laws reduce identity theft? In: Workshop on Economics of Information Security (WEIS), Hanover, NH, USA, 2008."},{"key":"2016123008051110000_2.1.29.13","doi-asserted-by":"crossref","first-page":"74","DOI":"10.1111\/jels.12035","article-title":"Empirical analysis of data breach litigation","volume":"11","author":"Romanosky","year":"2014","journal-title":"J Empir Leg Stud"},{"key":"2016123008051110000_2.1.29.14","unstructured":"Samuelson Law, Technology & Public Policy Clinic. Security breach notification laws: Views from chief security officers. Technical report. University of California, Berkeley School of Law, 2007."},{"key":"2016123008051110000_2.1.29.15","unstructured":"Romanosky S Sharp R Acquisti A. Data breaches and identity theft: When is mandatory disclosure optimal? In: Workshop on Economics of Information Security (WEIS), Harvard University, MA, USA, 2010."},{"key":"2016123008051110000_2.1.29.16","doi-asserted-by":"crossref","first-page":"461","DOI":"10.1016\/j.jaccpubpol.2003.09.001","article-title":"Sharing information on computer systems security: An economic analysis","volume":"22","author":"Gordon","year":"2003","journal-title":"J Account Publ Pol"},{"key":"2016123008051110000_2.1.29.17","doi-asserted-by":"crossref","first-page":"639","DOI":"10.1016\/j.jaccpubpol.2007.10.001","article-title":"Information sharing among firms and cyber attacks","volume":"26","author":"Hausken","year":"2007","journal-title":"J Account Publ Pol"},{"key":"2016123008051110000_2.1.29.18","unstructured":"\u00d6\u011f\u00fct H Menon N Raghunathan S. Cyber insurance and IT security investment: Impact of interdependent risk. In: Workshop on the Economics of Information Security (WEIS), Harvard University, MA, USA, 2005."},{"key":"2016123008051110000_2.1.29.19","doi-asserted-by":"crossref","unstructured":"Laube S B\u00f6hme R. Mandatory security information sharing with authorities: Implications on investments in internal controls. In: ACM Conference on Computer and Communication Security (ACM CCS), Workshop on Information Sharing and Collaborative Security, Denver, CO, USA, 2015, pp. 31\u201342.","DOI":"10.1145\/2808128.2808132"},{"key":"2016123008051110000_2.1.29.20","unstructured":"ENISA. Cyber security information sharing: An overview of regulatory and non-regulatory approaches. Technical report. European Union Agency For Network And Information Security (ENISA), 2015."},{"key":"2016123008051110000_2.1.29.21","unstructured":"European Commission. Proposal for a Directive of the European Parliament and of the Council concerning measures to ensure a high common level of network and information security across the Union. COM (2013) 48 Final, 2013."},{"key":"2016123008051110000_2.1.29.22","first-page":"1133","article-title":"Are \u2018better\u2019 security breach notification laws possible?","volume":"24","author":"Winn","year":"2009","journal-title":"Berk Tech Law J"},{"key":"2016123008051110000_2.1.29.23","first-page":"28","article-title":"The value of intrusion detection systems in information technology security architecture. Inform Syst.","volume":"16","author":"Cavusoglu","year":"2005","journal-title":"Res"},{"key":"2016123008051110000_2.1.29.24","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1016\/j.dss.2011.05.007","article-title":"Knowledge sharing and investment decisions in information security","volume":"52","author":"Liu","year":"2011","journal-title":"Decis Support Syst"},{"key":"2016123008051110000_2.1.29.25","doi-asserted-by":"crossref","first-page":"1","DOI":"10.2307\/2490604","article-title":"Auditing: Incentives and truthful reporting","volume":"17","author":"Ng","year":"1979","journal-title":"J Account Res"},{"key":"2016123008051110000_2.1.29.26","doi-asserted-by":"publisher","DOI":"10.2307\/2297516"},{"key":"2016123008051110000_2.1.29.27","unstructured":"Zhou L. The value of security audits, asymmetric information and market impacts of security breaches. PhD Thesis, University of Maryland, MD, USA, 2004."},{"key":"2016123008051110000_2.1.29.28","doi-asserted-by":"crossref","unstructured":"Laffont J Martimort D. The Theory of Incentives: The Principal\u2013agent model. Princeton, NJ: Princeton University Press, 2002.","DOI":"10.1515\/9781400829453"},{"key":"2016123008051110000_2.1.29.29","doi-asserted-by":"crossref","first-page":"438","DOI":"10.1145\/581271.581274","article-title":"The economics of information security investment","volume":"5","author":"Gordon","year":"2002","journal-title":"ACM Trans Inform Syst Secur"},{"key":"2016123008051110000_2.1.29.30","doi-asserted-by":"crossref","unstructured":"Khouzani M Pham V Cid C. Strategic discovery and sharing of vulnerabilities in competitive environments. In: Poovendran R Saad W (ed). Decision and Game Theory for Security, Vol. 8840. Lecture Notes in Computer Science. Berlin, Heidelberg: Springer, 2014, 59\u201378.","DOI":"10.1007\/978-3-319-12601-2_4"},{"key":"2016123008051110000_2.1.29.31","doi-asserted-by":"crossref","unstructured":"Naghizadeh P Liu M. Inter-temporal incentives in security information sharing agreements. In: AAAI-16 Workshop on Artificial Intelligence for Cyber Sercurity (AICS), Phoenix, AZ, USA, 2016.","DOI":"10.1109\/ITA.2016.7888179"},{"key":"2016123008051110000_2.1.29.32","doi-asserted-by":"crossref","unstructured":"Gay S. Strategic news bundling and privacy breach disclosures. In: Workshop on the Economics of Information Security (WEIS), Berkeley, CA, USA, 2016.","DOI":"10.2139\/ssrn.2608766"},{"key":"2016123008051110000_2.1.29.33","doi-asserted-by":"crossref","unstructured":"B\u00f6hme R. Security audits revisited. In: Keromytis A (ed), Financial Cryptography and Data Security (FC), Volume 7397, Lecture Notes in Computer Science. Berlin, Heidelberg: Springer, 2012, 129\u201347.","DOI":"10.1007\/978-3-642-32946-3_11"},{"key":"2016123008051110000_2.1.29.34","doi-asserted-by":"crossref","first-page":"579","DOI":"10.1016\/S1389-1286(00)00139-0","article-title":"The 1999 DARPA off-line intrusion detection evaluation","volume":"34","author":"Lippmann","year":"2000","journal-title":"Comput Network"},{"key":"2016123008051110000_2.1.29.35","unstructured":"Khouzani M Pham V Cid C. Incentive engineering for outsourced computation in the face of collusion. In: Workshop on the Economics of Information Security (WEIS), Pennsylvania State University, PA, USA, 2014."},{"key":"2016123008051110000_2.1.29.36","doi-asserted-by":"crossref","unstructured":"Macho-Stadler I P\u00e9rez-Castrillo D. Principal\u2013agent models. In: Meyers R (ed). Encyclopedia of Complexity and Systems Science. New York: Springer, 2009, 6977\u201390.","DOI":"10.1007\/978-0-387-30440-3_416"},{"key":"2016123008051110000_2.1.29.37","unstructured":"Statistisches Bundesamt. Statistisches Jahrbuch Deutschland und Internationales. Wiesbaden: Statistisches Bundesamt, 2013."}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/academic.oup.com\/cybersecurity\/article-pdf\/2\/1\/29\/10833147\/tyw002.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,9,28]],"date-time":"2020-09-28T05:59:07Z","timestamp":1601272747000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-lookup\/doi\/10.1093\/cybsec\/tyw002"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,12]]},"references-count":37,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2016,12,30]]},"published-print":{"date-parts":[[2016,12]]}},"alternative-id":["10.1093\/cybsec\/tyw002"],"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyw002","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"value":"2057-2085","type":"print"},{"value":"2057-2093","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,12]]}}}