Managed security contracts that reward providers for notifying their clients of breaches provide better security, according to a mathematical analysis conducted by three researchers at the University of Texas at Dallas and the Middle East Technical University. The research, which will be presented at the Workshop on the Economics of Information Security (WEIS) 2010 next month, analyzed a common type of contract used today in which a provider assesses a fee for its managed security service, but refunds part of the fee — as a penalty — if there is a breach. Using game-theory analysis, the researchers established that this commonly used contract model provides no incentive for the provider to notify its client of a breach. Two other contract models, however, are more likely to provide incentives for better security, the researchers say.