Discussion Paper
No. 2017-98 | November 17, 2017
Paul Twomey
G20 action on the digital economy: addressing market failures to improve the health of the digital infrastructure
(Published in Global Solutions Paper)


Market failures are resulting in network operators and device manufacturers not being incentivized to ensure improved cyber security practices in their operations. The result is a large global base of vulnerable computers, modems/routers and Internet of Things devices which can be manipulated by Cyber criminals. Practical recommendations are made as to how governments could address these market failures (with low-cost to government) and significantly improve the health of the cyber ecosystem.

JEL Classification:

L1, L2

Cite As

Paul Twomey (2017). G20 action on the digital economy: addressing market failures to improve the health of the digital infrastructure. Economics Discussion Papers, No 2017-98, Kiel Institute for the World Economy. http://www.economics-ejournal.org/economics/discussionpapers/2017-98

Comments and Questions

Anonymous - Referee report
January 03, 2018 - 08:26
This article is about a particularly important problem for our digital future: insufficient cyber security for computers, modems, routers and, most importantly, the Internet of Things. Just as these connected technologies hold great promise for future prosperity, so the digital vulnerabilities are an equally great threat, magnified through the same network externalities that generates the promise. The author identifies to particularly important areas in which governments should address market failures: network operator practices that generate vulnerability and deficient security in the Internet of Things. In order for this article to be accessible to the educated public, will be important for the author to define all his acronyms (for example ISP, CERTS) and to use acronyms consistently (e.g. DDoS, not DDOS). The author clearly identifies the nature of the externalities, for example, that the network pollution impact is greater to the users then to the operators. The author should explain why the recommendations regarding network operator practices are so modest, given the size of the challenge. ISPs only encouraged to improve device deployment processes and operational decisions and the adoption of MANRS is only encouraged. These are only voluntary actions. Given the nature of the externality mentioned above, it appears clear that such voluntary actions unlikely to remain insufficient with regard to the public interest. The recommendations regarding the Internet of Things are all compelling. The author should be encouraged to provide greater detail for the implementation of these recommendations.