A plaque depicting Alfred Nobel at the Nobel Peace Prize Ceremony 2008.
Chris Jackson—Getty Images
By Robert Hackett
October 14, 2017

Professor Richard Thaler this week collected a Nobel Prize for his insights into behavioral economics—the idea that, contrary to economic theory, humans are not rational actors when it comes to financial decisions, but can be nudged to make better choices. The most famous application of Thaler’s insight is a law that encourages firms to automatically enroll workers in 401K plans rather than require them to sign up. This simple nudge has dramatically increased the amount that tens of millions of Americans have saved for retirement.

When it comes to cyber-security, it’s clear firms like Equifax could have used a Thaler-style nudge to tighten up their sloppy IT practices. Recall that the Equifax debacle, one of the worst data breaches in history, arose because the company failed to update its software, and a big reason is that it lacked incentives to do so.

According to Megan Stiles, an attorney and cyber expert at Public Knowledge, the credit bureaus systemically under-invested in data protection because their short-term interest in profit took precedence over security.

Stiles says we’ve reached a point where credit bureaus and other data firms require more regulation, including incentives to invest in safety. She pointed to the oil industry as a possible model, noting that those who transport tankers of oil must carry insurance in case something goes wrong—and the insurance companies in turn demand they take precautions to obtain coverage.

It’s not hard to imagine how this model could extend to companies that store and transport data. In this case, a mandatory insurance regime could include provisions that require up-to-date software for coverage to apply. The upshot would be a new way of aligning the economic incentives of the credit bureaus with smart cyber security practices.

There are all sorts of other ideas, of course, for how lawmakers should respond to Equifax’s data disaster. But drawing on Thaler’s insights, and using economic tools to nudge the credit bureaus towards better behavior, may be one of the most promising.

Thanks as always for reading—more cyber news and fin-tech tidbits below.


Jeff John Roberts



Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

