1 / 23

Estimating the Market for Internet Service Provider-Based Cyber Security Solutions

Estimating the Market for Internet Service Provider-Based Cyber Security Solutions. Brent Rowe – RTI International Doug Reeves – NC State University Dallas Wood – RTI International Fern Braun – RTI International November 4, 2010. Study Motivation.

stash
Download Presentation

Estimating the Market for Internet Service Provider-Based Cyber Security Solutions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Estimating the Market for Internet Service Provider-Based Cyber Security Solutions Brent Rowe – RTI International Doug Reeves – NC State University Dallas Wood – RTI International Fern Braun – RTI International November 4, 2010

  2. Study Motivation • Home Internet users are particularly ill-prepared to secure their computers • Economic theory: Incomplete information

  3. Study Motivation • Home Internet users are particularly ill-preparedto secure their computers • Economic theory: Incomplete information • Home Internet users’ insecurity affectsall other Internet users • Economic theory: Cost externalities

  4. Study Motivation • Home Internet users are particularly ill-preparedto secure their computers • Economic theory: Incomplete information • Home Internet users’ insecurity affectsall other Internet users • Economic theory: Cost externalities

  5. Study Motivation • KEY QUESTION: How can home internet users become more secure? • Incentive home internet users to spend more time / money on security • Government regulations / subsidies to increase the security of products and services • We decided to investigate a case study that would help inform both potential actions

  6. Case Study: ISP-based Cyber Security • ISPs are in optimal location to identifymalicious incoming & outgoing Internet traffic • ISPs haveknowledge and capabilities to react • As such, ISPs can help reduce the social cost of cyber security activities significantly • Economic theory: Economies of scale

  7. Study Goals • Estimate supply of ISP-based cyber security solutions • What are ISPs doing for their customers’ security? • What aren’t they doing that could help customers’ security? • How much are they charging for security services? • Estimate demand for ISP-based cyber security solutions • What are ISP customers willing to pay for security? • What ISP security service components most impact demand? • What educational / marketing messages can impact demand?

  8. I. ISP Supply Assessment • Identified 84 plans sold by the Top 22 ISPs • 77% of plans examined were DSL or cable broadband • 97% offer some type security service • 49% of those offering security services charge a fee, the rest include in monthly price

  9. I. ISP Supply Assessment • Average Price of Plan w/ Security = $52.65 • Average Price of Plan w/o Security = $47.47 • NET: Amount ISPs Charging Customers for “Included” Security Features = $4.18 • Average Price of Security Add-on = $4.34

  10. I. ISP Supply Assessment Security features offered vary by plan as follows:  • 100% of security plans include antivirus and anti-spyware software • 86% of plans include firewalls • 79% of plans include anti-spam • 73% of plans include anti-phishing

  11. I. ISP Supply Assessment Security features offered vary by plan as follows:  • 100% of security plans include antivirus and anti-spyware software • 86% of plans include firewalls • 79% of plans include anti-spam • 73% of plans include anti-phishing • ? % of plans include traffic analysis, filtering & remediation (higher cost)

  12. I. ISP Supply Assessment Security features offered vary by plan as follows:  • 100% of security plans include antivirus and anti-spyware software • 86% of plans include firewalls • 79% of plans include anti-spam • 73% of plans include anti-phishing • ? % of plans include traffic analysis, filtering & remediation (higher cost) Comcast does

  13. I. ISP Supply Assessment Why aren’t ISPs doing more? • Legal implications • Desire not to impede internet activities • Perception that consumers are not willing to pay enough for security products / services

  14. I. ISP Supply Assessment Why aren’t ISPs doing more? • Legal implications • Desire not to impede internet activities • Perception that consumers are not willing to pay enough for security products / services

  15. II. Consumer Demand Assessment Establish Baseline: • Quantify home internet users’ willingness to pay for ISP-based cyber security solutions • Quantify home internet users’ willingness to spend time on ISP-based cyber security solutions

  16. II. Consumer Demand Assessment Assess Impact of Marketing / Educational Messages: • Evaluate the differences in impact of fear and trustmessaging on demand measures • Identify any impact on behavior based on survey language

  17. II. Consumer Demand Assessment • Developed survey of home Internet users to determine willingness to pay for security and accept certain tradeoffs • Utilized stated preference questions to assess demand • Fielding through ComScore to 2,400 broadband home internet users • Pilot survey conducted with 365 participants

  18. Conjoint Question: Example

  19. Pilot Survey Results • On average, respondents indicated they would be willing to pay (per month)... • $3.87 to AVOID ever having their internet access restricted • $3.55 to REDUCE THE RISK of identify theft to them • $2.83 to REDUCE THE RISK of their computer crashing • $1.96 to REDUCE THE RISK of others being impacted • $0.71 to AVOID one hour of training

  20. Implications • Average cost of $4.25 for current ISP security packages (focus on low cost options like AV) • Pilot data suggests that consumers are willing to pay over $8 per month to reduce risks to them and others, however… • They do not want their internet access limited • They do not want to spend time on security

  21. Future Survey Analysis • 8 Versions of the Survey Fielded • No text added • “Trust” , “Fear” and combined messages added prior to conjoint questions • Are survey participants willing to pay more when they know more about threats and actions they can take? • Analysis of Post-survey Actions • Do survey participants search for security? • Do survey participants install security programs?

  22. Next Steps • Field survey to full sample of 2,400 individuals through Comscore • Assess impact of educational / marketing messages • Determine if any actions are taken post survey • Compile results into final report to be delivered in late 2010 / early 2011

  23. Additional Information • If you would like additional information about this study, please contact: Brent Rowe broweat rti.org

More Related