EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Information Security Strategies for Information-Sharing Firms Considering a Strategic Hacker

Yong Wu (), Mengyao Xu (), Dong Cheng () and Tao Dai ()
Additional contact information
Yong Wu: Glorious Sun School of Business and Management, Donghua University, Shanghai 200051, China
Mengyao Xu: Glorious Sun School of Business and Management, Donghua University, Shanghai 200051, China
Dong Cheng: Glorious Sun School of Business and Management, Donghua University, Shanghai 200051, China
Tao Dai: Glorious Sun School of Business and Management, Donghua University, Shanghai 200051, China

Decision Analysis, 2022, vol. 19, issue 2, 99-122

Abstract: Information resources have been shared to promote the business operations of firms. However, the connection of business information sharing interfaces between firms has increased the attack surface and created opportunities for the hacker. We examine the benefits and risks of business information sharing for firms who exert security efforts against a strategic hacker that launches attacks subjectively. We show that two kinds of security efforts, security investment and security knowledge sharing, act as strategic substitutes when the business-sharing degree is low and act as strategic complements otherwise. Besides, the strategic hacker is not always aggressive, who will give up launching attack activities when the business-sharing degree is relatively low. Moreover, as a specific characteristic in the security domain, the risk interdependency first enhances and then suppresses both firms’ security investments and the hacker’s attack effort, which causes a free-riding problem for two firms. Then, two coordination mechanisms, an investment-based mechanism and liability-based mechanism, are proposed to help firms coordinate their strategies to reach socially optimal security levels. Last, we extend the main model to three cases to make our model more general. This paper provides the first evidence to assess the security risks exacerbated by business information sharing while considering a strategic hacker. Some management insights to managers for making security decisions are provided.

Keywords: security strategies; business information sharing; strategic hacker; incentive mechanisms (search for similar items in EconPapers)
Date: 2022
References: View references in EconPapers View complete reference list from CitEc
Citations:

Downloads: (external link)
http://dx.doi.org/10.1287/deca.2021.0442 (application/pdf)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:inm:ordeca:v:19:y:2022:i:2:p:99-122

Access Statistics for this article

More articles in Decision Analysis from INFORMS Contact information at EDIRC.
Bibliographic data for series maintained by Chris Asher ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:inm:ordeca:v:19:y:2022:i:2:p:99-122