Understanding the Value of Business Information



Many businesses seem to be of two minds when it comes to understanding the value of their information. Firms say that it is their most valuable asset, yet they seem unwilling to invest in information security technologies to protect it. A closer look at a few different ways to understand the value of information suggests how to resolve this apparent paradox.


Experience goods Information security Risk management Subjective probabilities Utility versus value 


  1. Adams, J. (1997). Cars, cholera and cows: Virtual risk and the management of uncertainty. Manchester: Manchester Statistical Society.Google Scholar
  2. Akerlof, G. A. (1970). The market for ‘lemons’: Quality uncertainty and the market mechanism. Quarterly Journal of Economics, 84(3), 488–500.CrossRefGoogle Scholar
  3. Bell, D. E. (1982). Regret in decision making under uncertainty. Operations Research, 30(5), 961–981.CrossRefGoogle Scholar
  4. Bernoulli, D. (1738). Specimen theoriae novae de mensura sortis. Commentarii Academiae Scientiarum Imperialis Petropolitanae, 5, 175–192. (Reprinted in translation as Exposition of a new theory on the measurement of risk. Econometrica, 22, 123–136, 1954)Google Scholar
  5. Böhm-Bawerk, E. (1891). The positive theory of capital (William A. Smart, Trans.). London: Macmillan and Co.Google Scholar
  6. Breiman, L., et al. (1984). Classification and regression trees. Monterey: Wadsworth.Google Scholar
  7. Checkpoint. (2009, October 21). Guide to the TCO of Encryption (Checkpoint Software Technologies) Redwood City, California, available at http://security.networksasia.net/content/guide-tco-encryption accessed July 17, 2012.
  8. El-Gamal, M. A., & Grether, D. M. (December 1995). Are people Bayesian? Uncovering behavioral strategies. Journal of the American Statistical Association, 90(432), 1137–1145.CrossRefGoogle Scholar
  9. Ernst & Young LLP. (2009). Outpacing change: Ernst & Young’s 12 th annual global information security survey at http://www.ey.com/Publication/vwLUAssets/12th_annual_GISS/$FILE/12th_annual_GISS.pdf.
  10. Finkel, A. M. (2010, October 20). Out of balance: (Why) are risk assessors more interested in uncertainty and variability than regulatory economists are? Presentation at the Society for Benefit-Cost Analysis annual meeting, Washington, DC.Google Scholar
  11. Finkel, A. M. (2011). Solution-focused risk assessment: A proposal for the fusion of environmental analysis and action. Human and Ecological Risk Assessment, 17(4): 754–787. See also five commentaries on this article in the same issue of the journal, 788–812.Google Scholar
  12. Finkel, A. M., & Evans, J. S. (1987). Evaluating the benefits of uncertainty reduction in environmental health risk management. Journal of the Air Pollution Control Association, 37(10), 1164–1171.Google Scholar
  13. Finkel, A M., Shafir, E., Ferson, S., Harrington, W., et al. (2006). Transferring to regulatory economics the risk-analysis approaches to uncertainty, interindividual variability, and other phenomena (National Science Foundation Grant #0756539). Decision, Risk, and Uncertainty program, (Human and Social Dynamics of Change competition).Google Scholar
  14. Johnson, C. (2008, October 15). The global state of information security. CIO Magazine.Google Scholar
  15. Kahneman, D., & Tversky, A. (1979). Prospect theory: An analysis of decision under risk. Econometrica, XLVII, 263–291.CrossRefGoogle Scholar
  16. Knight, F. (1921). Risk, uncertainty and profit. Boston: Hart, Schaffner & Marx/Houghton Mifflin Co.Google Scholar
  17. National Research Council. (1983). Risk assessment in the federal government: Managing the process (the “Red Book”). Washington, DC: National Academy Press.Google Scholar
  18. National Research Council. (2009). Science and decisions: Advancing risk assessment. Washington, DC: National Academy Press.Google Scholar
  19. Nelson, P. (1970). Information and consumer behavior. Journal of Political Economy, 78(2), 311–329.CrossRefGoogle Scholar
  20. Plunkett, E. (Lord Dunsany). (1935, January 28). Jorkens’ Revenge. The (London) Evening Standard. (Reprinted in The collected Jorkens (Vol. 2). San Francisco: Night Shade Press, 2005)Google Scholar
  21. Ponemon, L. (2009, April 22). The cost of a lost laptop. The Ponemon Institute. Michigan: Traverse CityGoogle Scholar
  22. Soo Hoo, K. (2002). How much is enough: A risk management approach to computer security. Ph. D. dissertation, Department of Management Science and Engineering, Stanford University, Stanford.Google Scholar
  23. Stoneburner, G., Goguen, A., & Feringa, A. (2002, July). Risk management guide for information technology systems (NIST Special Publication 800-30). Gaithersburg: National Institute of Standards and Technology.Google Scholar
  24. Strategic Data Management. (2008, April 21). Effective data management: Imperative to align business and IT interests.Google Scholar
  25. Sturgeon, W. (2006, January 27). Could your laptop be worth millions? C-NetNews.com http://news.com.com/Could+your+laptop+be+worth+millions/2100-1029_3-6032177.html
  26. Sutton, W., & Linn, E. (2004). Where the money was: The memoirs of a bank robber. New York: Broadway.Google Scholar
  27. Viscusi, W. K., & Aldy, J. (2003). The value of a statistical life: A critical review of market estimates throughout the world. Journal of Risk and Uncertainty, 27(1), 5–76.CrossRefGoogle Scholar
  28. von Neumann, J., & Morgenstern, O. (1944). Theory of games and economic behavior. Princeton: Princeton University Press.Google Scholar
  29. Yukota, F., & Thompson, K. (2004). The value of information in environmental health risk management decisions: Past, present, future. Risk Analysis, 24(3), 635–650.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media Dordrecht 2012

Authors and Affiliations

  1. 1.Voltage Security, Inc.CupertinoUSA

Personalised recommendations