This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Sunday, September 27 • 9:32am - 10:05am
Broadband Industry Structure and Cybercrime: An Empirical Analysis

Sign up or log in to save this to your schedule and see who's attending!

Paper Link

Cybercrime continues to be a growing drain on the world economy. While admittedly a continual game of cat-and-mouse between the hackers and the minders of data stored and in transit, Internet service providers (ISPs) can play a pivotal role in reducing the incidence and effect of cybercrime. This paper builds on existing theoretical and empirical work to further explore the role of competition on the level of security provided by ISPs.

This paper primarily serves to test the findings of our theoretical analysis of the impact of competition on ISP incentives to invest in cybersecurity. There are many dimensions in the relationship between ISP competition and security investment. Increased competition might lower the margins for ISPs, resulting in lower security investment. Alternatively, if users are interested in greater security and can discern the relative security levels of the competing ISPs, competition might lead to increased security investment. Yet another possibility is that competition provides an opportunity to free ride on the security provided by the rival ISP, again reducing security investment. Our previous work shows theoretically how ISP incentives change in different competitive situations. In this paper we test those theoretical results by analyzing the number of infected users, signifying botnet prevention, and the duration of infection, showing botnet mitigation.

A 2012 OECD study showed that ISPs have significant discretion, and variation, in how they address botnet mitigation. The authors of that study recognized and estimated many of the factors that can explain the sizable differences found in the security performance of ISPs, emphasizing the institutional and organizational characteristics that shape the ISPs’ incentives. (van Eeten et al 2010). The current paper builds on this by using updated data and placing greater emphasis on market structure. Competitive pressure in the ISP market is considered in the previous work with the use of a variable for average revenue per subscriber and market share, using a panel of observations of the spam generated by infected users for 40 countries in 2005-2009. These variables for competitive pressure were not found to be significant, implying no relationship. In order to look more directly at the effect of competition, we identify when ISPs are facing significant changes in the competition they face either through entry or exit, and test its significance in botnet infection prevention and mitigation using econometric methods. The data is obtained in a manner similar to that used in van Eeten et al 2012, with the development of a honeypot to attract the spam generated by infected machines. These spam messages are then traced back to their ISPs through identification of their IP addresses.


David Simpson

Chief Public Safety & Homeland Security Bureau, FCC


Carolyn Gideon

Asst Prof Int'l Communication and Tech Policy, Tufts University

Christiaan Hogendorn

Wesleyan University

Sunday September 27, 2015 9:32am - 10:05am
GMUSL - Room 120

Attendees (14)