H. Jahankhani et al. (Eds.): ICGS3/e-Democracy 2011, LNICST 99, pp. 156–163, 2012. © Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2012 Analyzing the Economic Impacts of Security Breaches Due to Outsourcing Dimitrios Koumaridis, Emmanouil Stiakakis, and Christos K. Georgiadis University of Macedonia, Department of Applied Informatics, Egnatia 156, 54006 Thessaloniki, Greece {koumaridis,stiakakis,geor}@uom.gr Abstract. In our study, we present four different approaches on the subject that are connected more or less to each other, giving more attention on outsourcing security issues. A case study for the use of outsourced services is also presented using empirical data from an insurance company. This work concludes with an overview of our research, its limitations and by giving some research questions for future work. Keywords: security economics, outsourcing, security breach. 1 Introduction The aim of this work is to identify and examine some of the major approaches in the area of security economics. More specifically, four different approaches are examined. We start by presenting them in the section of theoretical background and then we mostly emphasize on the one dealing with the outsourcing policy of companies. These four approaches are connected to each other since they deal with the same subject but from a different point of view. The first approach is a research by Wang [1] about the effects that disclosures have in business economics, regarding security policies and cases of security breakdowns. The second approach by Ioannidis et al. [2] presents the “conflict” between system administrators and system users about confidentiality and availability. The authors also present the endless effort of the administrators to exploit their budgets properly in order to raise their effectiveness. The third approach on the subject of security economics comes from Anderson [3] and is more behavioral rather than technical, as security is a combination of technology and policy over the proper usage of it. It deals mainly with differences in sentiments upon information security. The fourth approach deals with the rising development of the third partner services in many businesses and the problems occurring from the adoption of this outsourcing policy. It is of great importance that a company gives the opportunity to another company to process crucial and sometimes top secret data. The last approach is the main topic of our work. We conclude with a case study concerning a Greek insurance company about the usage of outsourced services and their impacts.