An Empirical Analysis of the Effectiveness of Information Security Measures

Author Name IIDAKA Yuki  (Information-technology Promotion Agency) /HANAMURA Kenichi  (Information-technology Promotion Agency) /KOMATSU Ayako  (Consulting Fellow, RIETI) /SAITO Yukiko  (Fellow, RIETI) /TSUKADA Naotoshi  (Research Associate, RIETI)
Creation Date/NO. October 2013 13-E-086
Download / Links


We examine whether the adoption of information security measures can reduce the probability of computer virus infection by using firm-level survey data and probit regression analysis. We find that implementing two security measures—Web content filtering (WCF) and restriction of bringing in/out storage media or PCs (R_in/out)—can result in a statistically significant reduction of the probability. Calculating the average partial effect, we also indicate that the adoption of each of these measures decreases the estimated probability of infection by about 10% on average. In addition to these analyses, we show that the effectiveness of some security measures differs by firm size or by sector.