“…Firms may also resort to economic mechanisms, such as cyberinsurance, risk pooling arrangements, and managed security services, to manage information security risks [70,71]. Analyzing and evaluating security risk [55,68], leveraging system modularity [64], implementing and increasing user awareness of security countermeasures [20,36], and optimizing security investment [8,29,58] are critical procedures for effective information systems security management.…”