University of Calgary: Tech sector seeks a balance between innovation and customer security
Over several decades, constant innovation in the technology sector has created once-unimaginable products and services: a device in your pocket with dozens of apps, a vehicle that drives itself, a fridge that knows when you’re out of milk.
Some online activities that we take for granted, such as shopping with a credit card or using a banking app to pay off that credit card, are regulated. Financial institutions are required to have high levels of security to protect consumers from online fraud. Without regulations demanding high security, people would be unlikely to use an app that puts their bank accounts at risk of a security breach.
“It required a presidential directive in the U.S. to make every bank that wanted to provide credit cards to have high security,” says Dr. Raymond Patterson, PhD, professor of business technology management at the Haskayne School of Business. “They said, if you want to play in that game, you have to have high security.”
But that’s not the case with most apps or software. “For the most part, we have a world with extremely low security,” says Patterson. “How do we get into this situation where all these apps have very low security? How does that happen?”
In How Customer Demand Reactions Impact Technology Innovation and Security, Patterson and several colleagues in the U.S. — Dr. Lisa Yeo, PhD, of the University of California at Merced; Dr. Erik Rolland, PhD, of Cal Poly Pomona; and Dr. Jackie Rees Ulmer, PhD, of Ohio University — explore how consumer reaction to the risk of security breaches affects a tech company’s innovation.
“There’s always this chess game going on between buyers and sellers,” says Patterson. “The question we asked is: ‘If there was the potential for security breach, would that affect the level of innovation?’”
The answer, he says, is yes: consumer reaction to security breaches has a “significant impact on innovative feature development.”
Using a two-stage game economic model, the researchers demonstrate how potential changes in consumer demand due to security risks impact a tech firm’s innovation strategy. “We show that conditions under security breaches can either increase or decrease product demand and levels of product innovation in the market,” says Patterson.
Technology companies must balance the benefits of innovation with the “unintended consequences” of security breaches. Every time you update software or get a new app, you’re downloading new features and innovations. The more innovations, the more complex the technology becomes. And, with more complexity, there’s a higher risk of mistakes and defects that can lead to vulnerabilities and security breaches.
“Banks are notorious for being risk-averse and the paper explains why banks are not that innovative, but it’s very different in other markets. It just depends on how the customers are going to react to you,” says Patterson. For example, Apple keeps stronger controls over its App Store than Android. While these controls provide “some benefits” for security, product innovation (as measured by the number of apps and/or features available) is lower than at Android’s version of the App Store.
The research provides insight for policy-makers and tech companies to make decisions around security and privacy. “These are not cheap decisions. There’s a lot of money being spent on security. And it impacts innovation,” says Patterson. “The economic models we present can help firms better target innovation investments in the presence of ever-increasing security risks.”