About

Terrence W. August is a Professor of Innovation, Technology, and Operations at UC San Diego's Rady School of Management. His research broadly spans information systems and operations management, with current interests including the economics of network software, production and service management, pricing and policy related to network goods, and the interaction of digital piracy and security risk. He actively investigates the control of information security risk using economic incentives and the provision of dynamic survival information to cancer patients. August has co-founded two information technology start-up companies and has experience working in research, development, and operations for the Clorox Company. He has also provided consulting services for companies such as Honeywell, GlaxoSmithKline, Herbalife, and Time Warner Cable, and has served as an expert witness in technology-related legal matters. He earned his Ph.D. in operations, information, and technology from the Graduate School of Business at Stanford University in 2007. Early in his career, he received the National Science Foundation CAREER award for his work on the economics of security.

Research topics

• Computer Science
• Marketing
• Computer Security
• Economics
• Business
• Law
• Finance
• Public economics
• Microeconomics
• Market economy
• Industrial organization

Selected publications

• The Impact of Cryptocurrency on Cybersecurity

  Management Science · 2025-03-27 · 2 citations

  articleOpen access1st authorCorresponding

  Cryptocurrencies have prompted a shift away from classic security attacks toward ransomware-based extortion. To better understand the impact of cryptocurrencies on the cybersecurity landscape, we conduct a comparative analysis of cybersecurity metrics prior to and after the adoption of cryptocurrency using a series of connected software-use models in the presence of security externalities. In this framework, we endogenize the actions of both heterogeneous consumers and attackers, with entry of the latter being driven by both the size of the unpatched consumer population and, as a subset of it, the size of the ransom-paying consumer population. We first examine users’ adoption and patching behavior under both security scenarios. We explore how changes in attacker entry costs impact outcomes under both conventional and post-crypto ransomware threat landscapes. We show that ransomware scenarios may be more desirable than conventional ones when attacker entry costs are low, provided that the gains from entering with standard attacks under the ransomware scenario are not too high. However, under such scenarios, social welfare can increase under the same conditions that lead to larger ransoms being demanded and a higher expected total ransom being paid, which presents a conundrum to policymakers. We also examine the impact of market parameters associated with security losses from conventional attacks and residual losses when victims pay in ransomware attacks. This paper was accepted by Kay Giesecke, finance. Funding: This work was partially supported by Insung Research Grant of KUBS, the LG Yonam Foundation (of Korea), and an award from the Georgia Institute of Technology Center of International Business Education and Research as part of its funded research program. Supplemental Material: The online appendices are available at https://doi.org/10.1287/mnsc.2023.00969 .

  PublisherOA PDFDOI

• The Impact of Cryptocurrency on Cybersecurity

  SSRN Electronic Journal · 2025-01-01

  articleOpen access1st authorCorresponding
  PublisherDOI

• Cyberattacks, Operational Disruption, and Investment in Resilience Measures

  Management Science · 2024-12-18 · 4 citations

  article1st authorCorresponding

  With the increased frequency and magnitude of cyberattacks, policymakers and the private sector search for ways to counter this threat. One of the main initiatives suggested to achieve this goal is sharing cybersecurity-related information. Although the general belief is that information sharing can increase both industry profit and social welfare, it is unclear whether firms would voluntarily share such information. In this paper, we examine the incentives of firms to share cybersecurity-related information, how information sharing impacts investments in cyber resilience, and the aggregate impact on welfare. We find that firms only voluntarily share information in less competitive markets when the impact of the disruption is high. In all other cases, firms elect not to share information, despite potential welfare benefits. To facilitate information sharing, we investigate an exclusionary policy (i.e., sharing must be mutual) and demonstrate market conditions under which this policy incentivizes information sharing. However, when competition is intense, even the exclusionary policy is ineffective because it reduces industry profit. To inform stronger interventions, we examine firms being mandated to disclose their private cyberthreat information. We demonstrate that an opportunity does exist for such disclosure, particularly when the cost of investing in cyber resilience is high. However, policymakers must use caution with such a policy because applying this intervention when investment costs are not high leads to a steep reduction in welfare. This paper was accepted by D. J. Wu, information systems. Supplemental Material: The online appendix is available at https://doi.org/10.1287/mnsc.2022.00430 .

  PublisherDOI

• Cyberattacks, Operational Disruption and Investment in Resilience Measures

  SSRN Electronic Journal · 2022-01-01 · 2 citations

  articleOpen access1st authorCorresponding
  PublisherDOI

• Economics of Ransomware: Risk Interdependence and Large-Scale Attacks

  Management Science · 2022 · 32 citations

  1st authorCorresponding
  • Computer Security
  • Computer Science
  • Business

  Recently, the development of ransomware strains and changes in the marketplace for malware have greatly reduced the entry barrier for attackers to conduct large-scale ransomware attacks. In this paper, we examine how this mode of cyberattack impacts software vendors and consumer behavior. When victims face an added option to mitigate losses via a ransom payment, both the equilibrium market size and the vendor’s profit under optimal pricing can actually increase in the ransom demand. Profit can also increase in the scale of residual losses following a ransom payment (which reflect the trustworthiness of the ransomware operator). We show that for intermediate levels of risk, the vendor restricts software adoption by substantially hiking up price. This lies in stark contrast to outcomes in a benchmark case involving traditional malware (non-ransomware) where the vendor decreases price as security risk increases. Social welfare is higher under ransomware compared with the benchmark in both sufficiently low- and high-risk settings. However, for intermediate risk, it is better from a social standpoint if consumers do not have an option to pay ransom. We also show that the expected ransom paid is nonmonotone in risk, increasing when risk is moderate despite a decreasing ransom-paying population. For ransomware attacks on other vectors (beyond patchable vulnerabilities), there can still be an incentive to hike price. However, market size and profits instead weakly decrease in the ransom amount. When studying a generalized model that includes both traditional and ransomware attacks, our results remain robust to a wide range of scenarios, including threat landscapes where ransomware has only a small presence. This paper was accepted by Kartik Hosanagar, information systems. Funding: This work has been supported by the Haskayne School of Business' Dean's Research Grant and by an award from the Georgia Institute of Technology Center of International Business Education & Research as part of its funded research program. Supplemental Material: The online appendix is available at https://doi.org/10.1287/mnsc.2022.4300 .

  PublisherDOI

• Information in Surveillance Scans: The Patient's Window into Post-Surgical Cancer Risk

  SSRN Electronic Journal · 2022-01-01

  articleOpen access1st authorCorresponding
  PublisherDOI

• Competition Among Proprietary and Open-Source Software Firms: The Role of Licensing in Strategic Contribution

  Management Science · 2020 · 48 citations

  1st authorCorresponding
  • Computer Science
  • Business
  • Industrial organization

  In enterprise software markets, firms are increasingly using services-based business models built on open-source software (OSS) to compete with established, proprietary software firms. Because third-party firms can also strategically contribute to OSS and compete in the services market, the nature of competition between OSS constituents and proprietary software firms can be complex. Moreover, their incentives are likely influenced by the licensing schemes that govern OSS. We study a three-player game and examine how open-source licensing affects competition among an open-source originator, an open-source contributor, and a proprietor competing in an enterprise software market. In this regard, we examine (1) how quality investments and prices are endogenously determined in equilibrium, (2) how license restrictiveness impacts equilibrium investments and the quality of offerings, and (3) how license restrictiveness affects consumer surplus and social welfare. Although some in the open-source community often advocate restrictive licenses such as the GNU General Public License because it is not always in the best interest of the originator for the contributor to invest greater development effort, such licensing can actually be detrimental to both consumer surplus and social welfare when it exacerbates this incentive conflict. We find such an outcome in markets characterized by software providers with similar development capabilities yet cast in favor of the proprietor. In contrast, when these capabilities either become more dispersed or remain similar but tilt in favor of open source, a more restrictive license instead encourages greater effort from the OSS contributor, leads to higher OSS quality, and provides a larger societal benefit. This paper was accepted by Chris Forman, information systems.

  PublisherDOI

• Competition Among Proprietary and Open-Source Software Firms: The Role of Licensing on Strategic Contribution

  2020-03-16

  article1st authorCorresponding

  In enterprise software markets, firms are increasingly using services-based business models built on open-source software (OSS) to compete with established, proprietary software firms. Because thirdparty firms can also strategically contribute to OSS and compete in the services market, the nature of competition between OSS constituents and proprietary software firms can be complex. Moreover, their incentives are likely influenced by the licensing schemes that govern OSS. We study a three player game and examine how open-source licensing affects competition among an open-source originator, open-source contributor, and a proprietor competing in an enterprise software market. In this regard, we examine: (i) how quality investments and prices are endogenously determined in equilibrium, (ii) how license restrictiveness impacts equilibrium investments and the quality of offerings, and (iii) how license restrictiveness affects consumer surplus and social welfare. Although some in the open-source community often advocate restrictive licenses such as GPL, because it is not always in the best interest of the originator for the contributor to invest greater development effort, such licensing can actually be detrimental to both consumer surplus and social welfare when it exacerbates this incentive conflict. We find such an outcome in markets characterized by software providers with similar development capabilities yet cast in favor of the proprietor. On the other hand, when either these capabilities become more dispersed or remain similar but tilt in favor of open-source, a more restrictive license instead encourages greater effort from the OSS contributor, leads to higher OSS quality, and provides a larger societal benefit.

• Market Segmentation and Software Security: Pricing Patching Rights

  Management Science · 2019-08-09 · 34 citations

  article1st authorCorresponding

  The patching approach to security in the software industry has been less effective than desired. One critical issue with the status quo is that the endowment of “patching rights” (the ability for a user to choose whether security updates are applied) lacks the incentive structure to induce better security-related decisions. However, producers can differentiate their products based on the provision of patching rights. By characterizing the price for these rights, the optimal discount provided to those who relinquish rights and have their systems automatically updated in a timely manner, and the consumption and protection strategies taken by users in equilibrium as they strategically interact because of the security externality associated with product vulnerabilities, it is shown that the optimal pricing of these rights can segment the market in a manner that leads to both greater security and greater profitability. This policy greatly reduces unpatched populations and has a relative hike in profitability that is increasing in the extent to which patches are bundled together. Social welfare may decrease when automated patching costs are small because strategic pricing contracts usage in the market and also incentivizes loss-inefficient choices. However, welfare benefits when the policy either (1) greatly expands automatic updating in cases in which it is minimally observed or (2) significantly reduces the patching process burden of those who most value the software. This paper was accepted by Anandhi Bharadwaj, information systems.

  PublisherDOI

• Economics of Ransomware Attacks

  SSRN Electronic Journal · 2019-01-01 · 6 citations

  articleOpen access1st authorCorresponding
  PublisherDOI

Recent grants

• CAREER: Control of Information Security Risk Using Economic Incentives

  NSF · $530k · 2010–2016

Frequent coauthors

• Hyoduk Shin

  University of California, San Diego

  12 shared

• Tunay I. Tunca

  University of Maryland, College Park

  12 shared

• Marius Florin Niculescu

  Georgia Institute of Technology

  8 shared

• Duy Dao

  University of Calgary

  8 shared

• Kevin Zhu

  2 shared

• Noam Shamir

  Tel Aviv University

  2 shared

• Daehoon Noh

  University of San Diego

  2 shared

• Wei Chen

  2 shared

Awards & honors

• National Science Foundation CAREER award