Research database

This project aims to investigate the factors influencing the exposure of firms and consumers to cyber risk, the economic incentives of firms to invest in cybersecurity, and their interplay with the environment in which firms operate (specifically, the market structure and the digital infrastructure). The focus is to understand the role of regulation, by designing the optimal policy tools that can spur investments in cyber security while avoiding potentially unintended effects, and by analyzing the effects of the privacy regulation currently in place. In particular, the project has two main goals: i) To understand and analyze the factors affecting the exposure to cyber risk of firms and consumers. We aim to explore both the contextual factors arising externally of the firm’s environment, and factors stemming within firms, because of their own strategy. As to the external factors, we will focus on hackers’ behavior, on the role of advanced digital infrastructure on firms’ resilience to cyber risk, as well as on individuals’ potentially risky online activities. As internal factors, we will analyze how the exposure to cyber risk affects firms’ strategies in terms of prices, innovation activity, data collection, and investment in cybersecurity. We explore how these decisions depend on the market conditions in which firms operate, on their exposure to previous attacks, on the services they use (e.g., cloud service providers), and on how intensively their business relies on data. ii) To identify policy tools through which firms and regulatory authorities can design implementable policies to protect individuals and firms online as well as to spur investments in cybersecurity. The work will provide insights on the interplay between investments in cybersecurity and regulatory instruments such as optimal liability structure, platform interoperability (e.g., as now possible by the EU Digital Markets Act), and content moderation policies mandating platforms to delete content hurting fundamental rights. The research team involves scholars joining expertise on digital economics, regulation and industrial organization, in addition to specific experience on the economics of cybersecurity and privacy. The project is structured in different, yet intertwined, subtasks and includes both theoretical and empirical analyses. On the theoretical side, we will leverage on models on platform and data economics from the industrial organization literature. On the empirical side, we can leverage on a unique dataset matching information on the availability of advanced digital infrastructure at the municipality level in Italy; and firm-level data from the Bank of Italy survey on firms’ exposure to cyber risk and their investments in cybersecurity. Moreover, data on online traffic is obtained by the marketing firm Similarweb, and this data will be used for the completion of at least two deliverables on online safety.