Looking at the sample data Breach notification, I can see two economic theories being demonstrated clearly: Laissez Fair Economic Theory, and Marxian Economic Theory. The response of the company to inform their users was an act to fulfill obligations of liability, which aligns with the social theory of Social Contract Theory. The actions of the hackers can also be explained by the social theory of Routine Activities Theory.
Laissez Fair Economic Theory as it relates to cybersecurity argues that the government take a responsive rather than preventative stance when dealing with cybersecurity breaches, only intervening when individual rights such as the right to privacy is violated. In the case of the data breach, the government is getting involved in investigating the data breach because an incident with the platform provider occurred. Marxian Economic Theory can explain the actions of the attackers on the other side of this scenario. Following Marxian Economic Theory, the attackers are those with power, or the ones with the ability to take advantage of the vulnerability that gave them access to obtain private information of the Glass Washer Parts company customers. The customers in this scenario are the vulnerable ones without the power and therefore were exploited for economic gain by the attackers.
The social science theories of Social Contract Theory and Routine Activities Theory are also demonstrated in the sample data breach notification below. By informing their customers of the data breach, Glass Washer Parts is fulfilling their social contract or obligation to society, a concept central to Social Contract Theory. The company Glass Washer Parts is taking responsibility to inform its customers of a breach because it is part of its social contract to remain a trustworthy business in the eyes of the government and the people, and it is liable to notify their customers of the privacy breach.
The attacker’s behavior on the other side can be explained by Routine Activities Theory. Routine Activities Theory outlines that for crime to happen, there needs to exist a motivated offender, a suitable target, and the absence of a capable guardian. In the context of the cybersecurity breach, the attackers are motivated by monetary gain through stealing the private information of the customers. The suitable targets are the customers who gave their information to the third-party provider. The absence of the capable guardian can be explained as the software or hardware vulnerabilities that exist.
Sample Data Breach: