Module 11 Journal Entries 1 & 2 – CYSE 201S

Journal Entry # 1:

Keynesian economists believe that government intervention is needed at times to
stabilize the economy. When a customer’s data is lost, it can erode the trust between the customer
and the company. Keynesian principles would implore the government to take action when a
data breach occurs. Cybersecurity laws and regulations can compel businesses to invest in
security measures, fostering a better relationship with patrons as well as economic stability. In
contrast, a laissez-faire economic approach would advocate for minimal government
intervention when a security breach happens. The sample breach demonstrates potential market
failures associated with cyber threats. Under this approach, companies may underinvest in
cybersecurity measures due to a lack of regulation, making companies more vulnerable to attacks and
putting more citizens’ information at risk. Taken together, these aspects emphasize the
importance of government intervention for businesses to prioritize data security.

The first social science theory that I want to highlight is social contract theory. This
theory asserts that individuals give up some freedoms for the benefits of society, which for a
business means focusing on protecting customer information and not solely on profits. In the context of
the sample breach, the company failed in this respect. Customers who trusted the glass company
with their information will feel as if their privacy was violated. When a breakdown of trust
occurs between a business and its customers, the only way to resolve the issue would be to
increase security measures. Using social learning theory to analyze the breach letter would mean
learning from it. If businesses were to observe the consequences that come from data breaches,
they would hopefully be more inclined to invest in cybersecurity measures. Additionally,
government consequences can be used to motivate companies to invest in cyber infrastructure.

Journal Entry # 2:

Companies currently struggle to identify and patch vulnerabilities in their
systems due to constantly evolving cyber threats. Bug bounty programs use the expertise of ethical
hackers to uncover cybersecurity weaknesses in companies. Data from HackerOne showed that
these programs were in fact effective for numerous reasons. Most companies spend a good
portion of their time having to choose between internal security teams and external bug bounty
programs. Internal teams offer a sense of control, but their size sometimes isn’t enough to handle
the number of threats. Bug bounty programs offer a global connection to ethical hackers, increasing
the likelihood of a vulnerability being uncovered. This approach allows the company to
align with market efficiency, gaining access to a wider talent pool at a potentially lower cost
compared to expanding internal teams.

After analyzing the data from HackerOne, it was found that ethical hackers were not
motivated by cash incentives, but rather by the intellectual challenge, reputation building, and the
opportunity to protect critical cyber infrastructure. Companies in industries such as finance,
retail, and healthcare receive fewer bug reports on average compared to those in sectors such as
tech or military. This may be due to a perception of these industries being more secure
than others, a lack of awareness of bug bounty programs in these sectors, or potentially stricter
program guidelines that deter participation. The reason behind the fewer
reports would need to be studied further. Overall, the study provides a valuable contribution to
the research on bug bounties. The study explains the potential bug bounties have as a cost-effective
way to bolster cybersecurity protections, which can be useful for companies.
