The Economic Incentives for Sharing Security Information
Given that Information Technology (IT) security has emerged as an important issue in the last few years, the subject of security information sharing among firms, as a tool to minimize security breaches, has gained the interest of practitioners and academics. To promote the disclosure and sharing of cyber-security information among firms, the US federal government has encouraged the establishment of many industry based Information Sharing & Analysis Centers (ISACs) under Presidential Decision Directive 63. Sharing security vulnerabilities and technological solutions related to methods for preventing, detecting and correcting security breaches, is the fundamental goal of the ISACs. However, there are a number of interesting economic issues that will affect the achievement of this goal. Using game theory, we develop an analytical framework to investigate the competitive implications of sharing security information and investments in security technologies. We find that security technology investments and security information sharing act as ``strategic complements'' in equilibrium. Our results suggest that information sharing is more valuable when product substitutability is higher, implying that such sharing alliances yield greater benefits in more competitive industries. We also highlight that the benefits from such information sharing alliances increase with the size of the firm. We compare the levels of information sharing and technology investments obtained when firms behave independently (Bertrand-Nash) to those selected by an ISAC which maximizes social welfare or joint industry profits. Our results help us predict the consequences of establishing organizations such as ISACs, CERT or InfraGard by the federal government.
Please report citation or reference errors to , or , if you are the registered author of the cited work, log in to your RePEc Author Service profile, click on "citations" and make appropriate adjustments.:
- Milgrom, Paul, 1994. "Comparing Optima: Do Simplifying Assumptions Affect Conclusions?," Journal of Political Economy, University of Chicago Press, vol. 102(3), pages 607-615, June.
- Groves, Theodore, 1973. "Incentives in Teams," Econometrica, Econometric Society, vol. 41(4), pages 617-631, July.
- Gal-Or, Esther, 1985. "Information Sharing in Oligopoly," Econometrica, Econometric Society, vol. 53(2), pages 329-343, March.
- Bulow, Jeremy I & Geanakoplos, John D & Klemperer, Paul D, 1985. "Multimarket Oligopoly: Strategic Substitutes and Complements," Journal of Political Economy, University of Chicago Press, vol. 93(3), pages 488-511, June.
- Timothy W. McGuire & Richard Staelin, 1983. "An Industry Equilibrium Analysis of Downstream Vertical Integration," Marketing Science, INFORMS, vol. 2(2), pages 161-191.
- Theodore Groves & Martin Loeb, 1974.
"Incentives and Public Inputs,"
29, Northwestern University, Center for Mathematical Studies in Economics and Management Science.
- Roger B. Myerson, 1978. "Optimal Auction Design," Discussion Papers 362, Northwestern University, Center for Mathematical Studies in Economics and Management Science.
- Roger B. Myerson & Mark A. Satterthwaite, 1981.
"Efficient Mechanisms for Bilateral Trading,"
469S, Northwestern University, Center for Mathematical Studies in Economics and Management Science.
- d'ASPREMONT, Claude & JACQUEMIN, Alexis, "undated".
"Cooperative and noncooperative R&D in duopoly with spillovers,"
CORE Discussion Papers RP
823, Université catholique de Louvain, Center for Operations Research and Econometrics (CORE).
- d'Aspremont, Claude & Jacquemin, Alexis, 1988. "Cooperative and Noncooperative R&D in Duopoly with Spillovers," American Economic Review, American Economic Association, vol. 78(5), pages 1133-1137, December.
- Carl Shapiro, 1986. "Exchange of Cost Information in Oligopoly," Review of Economic Studies, Oxford University Press, vol. 53(3), pages 433-446.
- Narasimhan, Chakravarthi, 1988. "Competitive Promotional Strategies," The Journal of Business, University of Chicago Press, vol. 61(4), pages 427-449, October.
- Gordon, Lawrence A. & Loeb, Martin P. & Lucyshyn, William, 2003. "Sharing information on computer systems security: An economic analysis," Journal of Accounting and Public Policy, Elsevier, vol. 22(6), pages 461-485.
- Roger B. Myerson, 1977.
"Incentive Compatability and the Bargaining Problem,"
284, Northwestern University, Center for Mathematical Studies in Economics and Management Science.
- Myerson, Roger B, 1979. "Incentive Compatibility and the Bargaining Problem," Econometrica, Econometric Society, vol. 47(1), pages 61-73, January.
When requesting a correction, please mention this item's handle: RePEc:wpa:wuwpio:0503004. See general information about how to correct material in RePEc.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: (EconWPA)
If references are entirely missing, you can add them using this form.