This file is part of IDEAS, which uses RePEc data


[ Papers | Articles | Software | Books | Chapters | Authors | Institutions | JEL Classification | NEP reports | Search | New papers by email | Author registration | Rankings | Volunteers | FAQ | Blog | Help! ]

The Economic Incentives for Sharing Security Information

Author info | Abstract | Publisher info | Download info | Related research | Statistics
Author Info
Esther Gal-Or (Katz School, University of Pittsburgh)
Anindya Ghose (Stern School, New York University)

Additional information is available for the following registered author(s):

Abstract

Given that Information Technology (IT) security has emerged as an important issue in the last few years, the subject of security information sharing among firms, as a tool to minimize security breaches, has gained the interest of practitioners and academics. To promote the disclosure and sharing of cyber-security information among firms, the US federal government has encouraged the establishment of many industry based Information Sharing & Analysis Centers (ISACs) under Presidential Decision Directive 63. Sharing security vulnerabilities and technological solutions related to methods for preventing, detecting and correcting security breaches, is the fundamental goal of the ISACs. However, there are a number of interesting economic issues that will affect the achievement of this goal. Using game theory, we develop an analytical framework to investigate the competitive implications of sharing security information and investments in security technologies. We find that security technology investments and security information sharing act as ``strategic complements'' in equilibrium. Our results suggest that information sharing is more valuable when product substitutability is higher, implying that such sharing alliances yield greater benefits in more competitive industries. We also highlight that the benefits from such information sharing alliances increase with the size of the firm. We compare the levels of information sharing and technology investments obtained when firms behave independently (Bertrand-Nash) to those selected by an ISAC which maximizes social welfare or joint industry profits. Our results help us predict the consequences of establishing organizations such as ISACs, CERT or InfraGard by the federal government.

Download Info
To download:

If you experience problems downloading a file, check if you have the proper application to view it first. Information about this may be contained in the File-Format links below. In case of further problems read the IDEAS help file. Note that these files are not on the IDEAS site. Please be patient as the files may be large.

File URL: http://129.3.20.41/eps/io/papers/0503/0503004.pdf
File Format: application/pdf
File Function:
Download Restriction: no

Publisher Info
Paper provided by EconWPA in its series Industrial Organization with number 0503004.

Download reference. The following formats are available: HTML (with abstract), plain text (with abstract), BibTeX, RIS (EndNote), ReDIF
Length: 41 pages
Date of creation: 13 Mar 2005
Date of revision:
Handle: RePEc:wpa:wuwpio:0503004

Note: Type of Document - pdf; pages: 41
Contact details of provider:
Web page: http://129.3.20.41

For technical questions regarding this item, or to correct its listing, contact: (EconWPA).

Related research
Keywords: Technology Investment; Information Sharing; Security Breaches; Externality Benefit; Spillover Effect; Social Welfare;

Other versions of this item:

Find related papers by JEL classification:
L - Industrial Organization

This paper has been announced in the following NEP Reports:

References listed on IDEAS
Please report citation or reference errors to , or , if you are the registered author of the cited work, log in to your RePEc Author Service profile, click on "citations" and make appropriate adjustments.:
  1. d'Aspremont, Claude & Jacquemin, Alexis, 1988. "Cooperative and Noncooperative R&D in Duopoly with Spillovers," American Economic Review, American Economic Association, vol. 78(5), pages 1133-37, December. [Downloadable!] (restricted)
  2. Bulow, Jeremy I & Geanakoplos, John D & Klemperer, Paul D, 1985. "Multimarket Oligopoly: Strategic Substitutes and Complements," Journal of Political Economy, University of Chicago Press, vol. 93(3), pages 488-511, June. [Downloadable!] (restricted)
  3. Groves, Theodore & Loeb, Martin, 1975. "Incentives and public inputs," Journal of Public Economics, Elsevier, vol. 4(3), pages 211-226, August. [Downloadable!] (restricted)
    Other versions:
  4. Milgrom, Paul, 1994. "Comparing Optima: Do Simplifying Assumptions Affect Conclusions?," Journal of Political Economy, University of Chicago Press, vol. 102(3), pages 607-15, June. [Downloadable!] (restricted)
  5. Gordon, Lawrence A. & Loeb, Martin P. & Lucyshyn, William, 2003. "Sharing information on computer systems security: An economic analysis," Journal of Accounting and Public Policy, Elsevier, vol. 22(6), pages 461-485. [Downloadable!] (restricted)
  6. Gal-Or, Esther, 1985. "Information Sharing in Oligopoly," Econometrica, Econometric Society, vol. 53(2), pages 329-43, March. [Downloadable!] (restricted)
  7. Groves, Theodore, 1973. "Incentives in Teams," Econometrica, Econometric Society, vol. 41(4), pages 617-31, July. [Downloadable!] (restricted)
  8. Myerson, Roger B, 1979. "Incentive Compatibility and the Bargaining Problem," Econometrica, Econometric Society, vol. 47(1), pages 61-73, January. [Downloadable!] (restricted)
    Other versions:
  9. Amir Ziv, 1993. "Information Sharing in Oligopoly: The Truth-Telling Problem," RAND Journal of Economics, The RAND Corporation, vol. 24(3), pages 455-465, Autumn. [Downloadable!] (restricted)
  10. Shapiro, Carl, 1986. "Exchange of Cost Information in Oligopoly," Review of Economic Studies, Blackwell Publishing, vol. 53(3), pages 433-46, July. [Downloadable!] (restricted)
  11. Narasimhan, Chakravarthi, 1988. "Competitive Promotional Strategies," Journal of Business, University of Chicago Press, vol. 61(4), pages 427-49, October. [Downloadable!] (restricted)
  12. Xavier Vives, 1990. "Trade Association Disclosure Rules, Incentives to Share Information, and Welfare," RAND Journal of Economics, The RAND Corporation, vol. 21(3), pages 409-430, Autumn. [Downloadable!] (restricted)
Full references

Cited by:
(explanations, Please report citation or reference errors to , or , if you are the registered author of the cited work, log in to your RePEc Author Service profile, click on "citations" and make appropriate adjustments.)

  1. Alfredo Garcia & Barry Horowitz, 2007. "The potential for underinvestment in internet security: implications for regulatory policy," Journal of Regulatory Economics, Springer, vol. 31(1), pages 37-55, February. [Downloadable!] (restricted)
Statistics
Access and download statistics

Did you know? You can use convenient plug-ins to search directly IDEAS from your browser.

This page was last updated on 2009-7-2.

This information is provided to you by IDEAS at the Department of Economics, College of Liberal Arts and Sciences, University of Connecticut using RePEc data on a server sponsored by the Society for Economic Dynamics.