EconPapers    
Economics at your fingertips  
 

The Economic Incentives for Sharing Security Information

Esther Gal-Or () and Anindya Ghose ()
Additional contact information
Anindya Ghose: Leonard Stern School of Business, New York University, New York, New York 10012

Information Systems Research, 2005, vol. 16, issue 2, 186-208

Abstract: Given that information technology (IT) security has emerged as an important issue in the last few years, the subject of security information sharing among firms, as a tool to minimize security breaches, has gained the interest of practitioners and academics. To promote the disclosure and sharing of cyber security information among firms, the U.S. federal government has encouraged the establishment of many industry-based Information Sharing and Analysis Centers (ISACs) under Presidential Decision Directive (PDD) 63. Sharing security vulnerabilities and technological solutions related to methods for preventing, detecting, and correcting security breaches is the fundamental goal of the ISACs. However, there are a number of interesting economic issues that will affect the achievement of this goal. Using game theory, we develop an analytical framework to investigate the competitive implications of sharing security information and investments in security technologies. We find that security technology investments and security information sharing act as “strategic complements” in equilibrium. Our results suggest that information sharing is more valuable when product substitutability is higher, implying that such sharing alliances yield greater benefits in more competitive industries. We also highlight that the benefits from such information-sharing alliances increase with the size of the firm. We compare the levels of information sharing and technology investments obtained when firms behave independently (Bertrand-Nash) to those selected by an ISAC, which maximizes social welfare or joint industry profits. Our results help us predict the consequences of establishing organizations such as ISACs, Computer Emergency Response Team (CERT), or InfraGard by the federal government.

Keywords: security technology investment; information sharing; security breaches; externality benefit; social welfare; spillover effect (search for similar items in EconPapers)
Date: 2005
References: View references in EconPapers View complete reference list from CitEc
Citations: View citations in EconPapers (59)

Downloads: (external link)
http://dx.doi.org/10.1287/isre.1050.0053 (application/pdf)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:inm:orisre:v:16:y:2005:i:2:p:186-208

Access Statistics for this article

More articles in Information Systems Research from INFORMS Contact information at EDIRC.
Bibliographic data for series maintained by Chris Asher ().

 
Page updated 2025-03-19
Handle: RePEc:inm:orisre:v:16:y:2005:i:2:p:186-208