[T]o managers, security is not something you can point to as an achievement, isn't something you can really 'measure', doesn't make a contribution to the bottom line of whatever organizational goal you have, and ultimately you could spend infinite money on security and still not guarantee it, while on the other hand a system in development slipping schedule is very visible to managers, so there's always a tendency throughout the organization to push the priority for security down when it comes to making tradeoffs, and this despite the full knowledge by IT managers that this is a thing they should account for. SourceWe overuse narrow, short-term, readily available numerical indicators, often to the exclusion of the bigger picture. Managers do it with cybersecurity but it happens universally; for instance when it comes to valuing equities or, more critically, when we target, implicitly or explicitly macro-economic variables such as Gross Domestic Product. We focus on aspects of reality that can be captured by numbers even when any correlation between those numbers and the well-being of a society or ecology is incidental or even negative.
This tendency works against our best interests, because those things that we can't accurately monitor can be crucial. An organisation cannot measure the probability of a cyberdisaster, but it can measure the money it spends on cybersecurity. We can't accurately measure societal well-being but we can measure economic growth. We can't measure the probability of a nuclear war, but we can measure the funding of bodies ostensibly aimed at reducing it.
So where do Social Policy Bonds come in? They would change the identity of the people doing the measuring and they reward success and, just as crucially, terminate failures. An organisation wanting to reduce the threat of cyberdisaster could take out some form of broadly defined insurance against that sort of disaster: one that would apply beyond the career horizons of the security officers in that organisation. But, unlike a conventional insurance policy, the issuers of the policy would take an active role in monitoring the organisation's systems. It would be highly motivated to do so effectively, because its contract with the organisation would penalise any failure.
At the policy level, instead of (or as well as), for example, paying bodies of the United Nations or non-governmental organisations to turn up for work and write papers, we could issue Nuclear Peace Bonds that would reward people for achieving a sustained period of nuclear peace, whoever they are and however they do so.
What about societal well-being? Trickier. Thinking aloud: We could stop assuming it's correlated with Gross Domestic Product (or GDP per capita) and put more effort into measuring it and its components. We could stop ignoring things like inequality and levels of trust that are (currently) not that easy to measure but that, on all the evidence, are crucial components of social well-being. We could compile something like the Human Development Index with objective measures that correlate strongly with well-being. Government could target improvements in this and other objective indicators, rather than blindly aim for economic growth at all costs, which seems to be the default activity. Alternatively it could also concentrate solely on such undisputed components of well-being (health, for instance or, at a global level, absence of conflict) and, as in the previous examples, issue bonds that reward the absence of large falls in those components.
The important points are that the people doing the achieving of our goals should have incentives to be efficient and to take a long-term view. Social Policy Bonds, being tradeable, allow us to target remote goals, because the composition and structure of our motivated coalition of goal-achievers can change in response to changing events and circumstances. We need diverse, adaptive solutions to our problems, which are exactly the sort of solutions that government at any above the least aggregated level, can't provide. Social Policy Bonds would give people incentives to find those solutions and implement them.