To share or not to share: A behavioral perspective on human participation in security information sharing

Alain Mermoud (), Marcus Keupp (), Kévin Huguenin (), Maximilian Palmié () and Dimitri Percia David ()
Additional contact information
Alain Mermoud: ETH Zürich - Eidgenössische Technische Hochschule - Swiss Federal Institute of Technology [Zürich], HEC Lausanne - Faculté des Hautes Etudes Commerciales (HEC Lausanne)
Marcus Keupp: ETH Zürich - Eidgenössische Technische Hochschule - Swiss Federal Institute of Technology [Zürich], ITEM - Institute of Technology Management [St. Gallen] - HSG - University of St.Gallen
Kévin Huguenin: HEC Lausanne - Faculté des Hautes Etudes Commerciales (HEC Lausanne)
Maximilian Palmié: ITEM - Institute of Technology Management [St. Gallen] - HSG - University of St.Gallen
Dimitri Percia David: ETH Zürich - Eidgenössische Technische Hochschule - Swiss Federal Institute of Technology [Zürich], HEC Lausanne - Faculté des Hautes Etudes Commerciales (HEC Lausanne)

Post-Print from HAL

Abstract: Security information sharing (SIS) is an activity whereby individuals exchange information that is relevant to analyze or prevent cybersecurity incidents. However, despite technological advances and increased regulatory pressure, individuals still seem reluctant to share security information. Few contributions have addressed this conundrum to date. Adopting an interdisciplinary approach, our study proposes a behavioral framework that theorizes how and why human behavior and SIS may be associated. We use psychometric methods to test these associations, analyzing a unique sample of human Information Sharing and Analysis Centre (ISAC) members who share real security information. We also provide a dual empirical operationalization of SIS by introducing the measures of SIS frequency and intensity. We find significant associations between human behavior and SIS. Thus, the study contributes to clarifying why SIS, while beneficial, is underutilized by pointing to the pivotal role of human behavior for economic outcomes. It therefore extends the growing field of the economics of information security. By the same token, it informs managers and regulators about the significance of human behavior as they propagate goal alignment and shape institutions. Finally, the study defines a broad agenda for future research on SIS.

Keywords: security information sharing; incentives; psychometrics; economics of information security; behavioural economics; behavioral economics; behavioral psychology (search for similar items in EconPapers)
Date: 2019-08
New Economics Papers: this item is included in nep-cbe and nep-soc
Note: View the original document on HAL open archive server: https://hal.science/hal-02147702v1
References: View references in EconPapers View complete reference list from CitEc
Citations: View citations in EconPapers (1)

Published in Journal of Cybersecurity, 2019, 5 (1), pp.13. ⟨10.1093/cybsec/tyz006⟩

Downloads: (external link)
https://hal.science/hal-02147702v1/document (application/pdf)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:hal:journl:hal-02147702

DOI: 10.1093/cybsec/tyz006

Access Statistics for this paper

More papers in Post-Print from HAL
Bibliographic data for series maintained by CCSD ().