References
- Anna, K. (2020). Cloud computing attacks: A new vector for cyber attacks. https://www.apriorit.com/dev-blog/523-cloud-computing-cyber-attacks.
- Asatiani, A., Apte, U., Penttinen, E., Rönkkö, M., & Saarinen, T. (2014). Outsourcing of disaggregated services in cloud-based enterprise information systems [Paper presentation]. 2014 47th Hawaii International Conference on System Sciences, Waikoloa, HI, 1268-1277. http://doi.org/10.1109/HICSS.2014.164.
- August, T., & Tunca, T. I. (2011). Who should be responsible for software security? A comparative analysis of liability policies in network environments. Management Science, 57(5), 934–959. https://doi.org/10.1287/mnsc.1100.1304
- August, T., Niculescu, M. F., & Shin, H. (2014). Cloud implications on software network structure and security risks. Information Systems Research, 25(3), 489–510. https://doi.org/10.1287/isre.2014.0527
- Barry, L. (2017). Top Azure PaaS services that developers love and why. https://stackify. com/top-azure-paas-services-developers/
- Bhattacharyya, S., & Lafontaine, F. (1995). Double-sided moral hazard and the nature of share contracts. The RAND Journal of Economics, 26(4), 761–781. https://doi.org/10.2307/2556017
- Brad, T. (2023). Cyber insurance in 2023: What every organization should know. https://www.proficio.com/cyber-insurance-in-2023-what-every-organization-should-know/.
- Cavusoglu, H., Raghunathan, S., & Cavusoglu, H. (2009). Configuration of and interaction between information security technologies: The case of firewalls and intrusion detection systems. Information Systems Research, 20(2), 198–217. https://doi.org/10.1287/isre.1080.0180
- Cezar, A., Cavusoglu, H., & Raghunathan, S. (2017). Sourcing information security operations: The role of risk interdependency and competitive externality in outsourcing decisions. Production and Operations Management, 26(5), 860–879. https://doi.org/10.1111/poms.12681
- Choudhury, V., & Sabherwal, R. (2003). Portfolios of control in outsourced software development projects. Information Systems Research, 14(3), 291–314. https://doi.org/10.1287/isre.14.3.291.16563
- Cremonini, M., & Nizovtsev, D. (2009). Risks and benefits of signaling information system characteristics to strategic attackers. Journal of Management Information Systems, 26(3), 241–274. https://doi.org/10.2753/MIS0742-1222260308
- Cooper, R., & Ross, T. W. (1985). Product warranties and double moral hazard. The RAND Journal of Economics, 16(1), 103–113. https://doi.org/10.2307/2555592
- Das, T. K., & Teng, B. S. (1998). Between trust and control: Developing confidence in partner cooperation in alliances. The Academy of Management Review, 23(3), 491–512. https://doi.org/10.2307/259291
- Digitalisation World (DW) (2022). Third of businesses suffered a serious cloud data breach or leak as hackers exploit misconfigurations. https://digitalisationworld.com/news/61996/third-of-businesses-suffered-a-serious-cloud-data-breach-or-leak-as-hackers-exploit-misconfigurations.
- Debasish, P. (2021). AWS capital one data breach. https://www.cloudcodes.com/blog/capital-one-breach-aws.html.
- Demirkan, H., Cheng, H. K., & Bandyopadhyay, S. (2010). Coordination strategies in an SaaS supply chain. Journal of Management Information Systems, 26(4), 119–143. https://doi.org/10.2753/MIS0742-1222260405
- Emma, L. (2018). Tencent Cloud user claims $1.6 million compensation for data loss. https://technode.com/2018/08/06/tencent-cloud-user-claims-1-6-million-compensation-for-data-loss/
- Ezhei, M., & Tork Ladani, B. (2020). Interdependency analysis in security investment against strategic attacks. Information Systems Frontiers, 22(1), 187–201. https://doi.org/10.1007/s10796-018-9845-8
- Feng, N., Chen, Y., Feng, H., Li, D., & Li, M. (2020). To outsource or not: The impact of information leakage risk on information security strategy. Information & Management, 57(5), 103215. https://doi.org/10.1016/j.im.2019.103215
- Fortinet (2021). Cloud security report. https://www.fortinet.com/content/dam/fortinet/assets/threat-reports/report-cybersecurity-cloud-security-report-fortinet-2.5.pdf.
- Frank, S. (2016). Cloud security incident compensation. https://resources.infosecinstitute.com/%20topic/cloud-security-incident-compensation/.
- Fudenberg, D., & Tirole, J. (1991). Game theory. MIT Press.
- Gal-Or, E., & Ghose, A. (2005). The economic incentives for sharing security information. Information Systems Research, 16(2), 186–208. https://doi.org/10.1287/isre.1050.0053
- Gao, X., Zhong, W., & Mei, S. (2013a). A differential game approach to information security investment under hackers’ knowledge dissemination. Operations Research Letters, 41(5), 421–425. https://doi.org/10.1016/j.orl.2013.05.002
- Gao, X., Zhong, W., & Mei, S. (2013b). Information security investment when hackers disseminate knowledge. Decision Analysis, 10(4), 352–368. https://doi.org/10.1287/deca.2013.0278
- Gao, X., & Zhong, W. (2015). Information security investment for competitive firms with hacker behavior and security requirements. Annals of Operations Research, 235(1), 277–300. https://doi.org/10.1007/s10479-015-1925-2
- Gartner (2021). Gartner says cloud will be the centerpiece of new digital experience. https://www.gartner.com/en/newsroom/press-releases/2021-11-10-gartner-says-cloud-will-be-the-centerpiece-of-new-digital-experiences.
- Gartner (2022). 7 Top Trends in Cybersecurity for 2022. https://www.gartner.com/en/articles/7-top-trends-in-cybersecurity-for-2022.
- Global Times (2021). Taobao deals with unauthorized data scraping incident. https://www.globaltimes.cn/page/202106/1226346.shtml.
- Gupta, A., & Zhdanov, D. (2012). Growth and sustainability of managed security services networks: An economic perspective. Mis Quarterly, 36(4), 1109–1130. https://doi.org/10.2307/41703500
- Hui, K.-L., Hui, W., & Yue, W. T. (2012). Information security outsourcing with system interdependency and mandatory security requirement. Journal of Management Information Systems, 29(3), 117–156. https://doi.org/10.2753/MIS0742-1222290304
- Hui, K.-L., Ke, P. F., Yao, Y., & Yue, W. T. (2019). Bilateral liability-based contracts in information security outsourcing. Information Systems Research, 30(2), 411–429. https://doi.org/10.1287/isre.2018.0806
- Jensen, M. L., Dinger, M., Wright, R. T., & Thatcher, J. B. (2017). Training to mitigate phishing attacks using mindfulness techniques. Journal of Management Information Systems, 34(2), 597–626. https://doi.org/10.1080/07421222.2017.1334499
- IBM (2019). Cloud services agreement. https://www.ibm.com/support/customer/pdf/terms/ csa_th.pdf.
- Kandukuri, B. R., Paturi, V. R., & Rakshit, A. (2009). Cloud security issues [Paper presentation]. 2009 IEEE International Conference on Services Computing, Bangalore, India, 517-520. https://doi.org/10.1109/SCC.2009.84
- Lee, C. H., Geng, X., & Raghunathan, S. (2013). Contracting information security in the presence of double moral hazard. Information Systems Research, 24(2), 295–311. https://doi.org/10.1287/isre.1120.0447
- Looper, C. D. (2016). How hackers are really getting your data, and what you can do to keep it safe. https://www.techradar.com/news/internet/how-hackers-are-really-getting-your-information-and-what-you-can-do-to-keep-it-safe-1323706.
- Luo, S., & Choi, T. M. (2022). E‐commerce supply chains with considerations of cyber‐security: Should governments play a role? Production and Operations Management, 31(5), 2107–2126. https://doi.org/10.1111/poms.13666
- McCormick, M. (2016). The power of subscription pricing. https://blog.blackcurve.com/the-power-of-subscription-pricing.
- Mell, P., & Timothy, G. (2011). The NIST definition of cloud computing. National Institute of Standards & Technology.
- Paquette, S., Jaeger, P. T., & Wilson, S. C. (2010). Identifying the security risks associated with governmental use of cloud computing. Government Information Quarterly, 27(3), 245–253. https://doi.org/10.1016/j.giq.2010.01.002
- Png, I. P. L., & Wang, Q. H. (2009). Information security: Facilitating user precautions vis-à-vis enforcement against attackers. Journal of Management Information Systems, 26(2), 97–121. https://doi.org/10.2753/MIS0742-1222260205
- Priya, P. (2022). IaaS vs PaaS vs SaaS. https://www.educba.com/iaas-vs-paas-vs-saas/.
- Secureworks (2020). Cloud security: A shared responsibility model. https://www. secureworks.com/resources/wp-cloud-security-a-shared-responsibility-model.
- Shavell, S. (1979). On moral hazard and insurance. The Quarterly Journal of Economics, 93(4), 541–562.
- Srinidhi, B., Yan, J., & Tayi, G. K. (2015). Allocation of resources to cyber-security: The effect of misalignment of interest between managers and investors. Decision Support Systems, 75, 49–62. https://doi.org/10.1016/j.dss.2015.04.011
- StorageCraft (2022). 7 Most infamous cloud security breaches. https://blog. storagecraft.com/7-infamous-cloud-security-breaches/.
- Sun, C., Ji, Y., & Geng, X. (2023). Which enemy to dance with? A new role of softwarepiracy in influencing antipiracy strategies [Online]. Information Systems Research.. https://doi.org/10.1287/isre.2023.1219
- Susarla, A., Barua, A., & Whinston, A. B. (2009). A transaction cost perspective of the “software as a service” business model. Journal of Management Information Systems, 26(2), 205–240. https://doi.org/10.2753/MIS0742-1222260209
- Transparency Market Research (2022). Cloud computing services market to benefit from COVID-19-induced lockdown. https://www.digitaljournal.com/pr/cloud-computing-services-market-to-benefit-from-covid-19-induced-lockdown.
- Wheatman, V., Smith, B. S. N., Pescatore, J., Nicollet, M., Allan, A., & Mogull, R. (2005). What your organization should be spending for information security. Gartner Research, Stamford. https://www.gartner.com/doc/474665? ref=mrktg-srch.
- Wu, Y., Xiao, H., Dai, T., & Cheng, D. (2022). A game-theoretical model of firm security reactions responding to a strategic hacker in a competitive industry. Journal of the Operational Research Society, 73(4), 716–740. https://doi.org/10.1080/01605682.2020.1854631
- Wu, Y., Tayi, G. K., Feng, G., & Fung, R. Y. K. (2021). Managing information security outsourcing under a dynamic cooperation environment. Journal of the Association for Information Systems, 22(3), 827–850. https://doi.org/10.17705/1jais.00681
- Wu, Y., Feng, G., & Fung, R. Y. K. (2018). Comparison of information security decisions under different security and business environments. Journal of the Operational Research Society, 69(5), 747–761. https://doi.org/10.1057/s41274-017-0263-y
- Xin, M., & Choudhary, V. (2019). IT investment under competition: The role of implementation failure. Management Science, 65(4), 1909–1925. https://doi.org/10.1287/mnsc.2017.3005
- Yang, M., Jacob, V., & Raghunathan, S. (2021). Cloud service model’s role in provider and user security investment incentives. Production and Operations Management, 30(2), 419–437. https://doi.org/10.1111/poms.13274
- Zetter, K. (2009). In legal first, data-breach suit targets auditor. https://www.wired.com/2009/06/auditor-sued/.
- Zhang, Z., Nan, G., & Tan, Y. (2020). Cloud services vs. On-premises software: Competition under security risk and product customization. Information Systems Research, 31(3), 848–864. https://doi.org/10.1287/isre.2019.0919
- Zhao, X., Xue, L., & Whinston, A. B. (2013). Managing interdependent information security risks: Cyberinsurance, managed security services, and risk pooling arrangements. Journal of Management Information Systems, 30(1), 123–152. https://doi.org/10.2753/MIS0742-1222300104