<p>Competitive firms may share their digital resource to improve their efficiency in the industries of banks, insurance and hospitals. Their decisions about information security are important, but fail to receive enough attention. This paper examines two competitive firms’ information security investment and security information sharing through building a game-theoretic model in which these firms interact with one strategic hacker who launches cyber-attacks against them. We can obtain the following interesting findings: (a) when the efficiency of security information sharing remains low, resource sharing may hurt the firms because the security investment is restricted; (b) the firms may benefit from security competition that would urge security investment to effectively defend against cyber-attacks; (c) the firms may suffer from government intervention to raise their security awareness in that security information sharing is inhibited. We further discuss how the equilibrium outcomes of the firms and the hacker change when security decisions of the firms are made in a centralized way and made prior to cyber-attacks of the hacker respectively.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Information security investment and security information sharing for competitive firms with resource sharing

  • Boyuan Zhong,
  • Xing Gao,
  • Manting Qiu

摘要

Competitive firms may share their digital resource to improve their efficiency in the industries of banks, insurance and hospitals. Their decisions about information security are important, but fail to receive enough attention. This paper examines two competitive firms’ information security investment and security information sharing through building a game-theoretic model in which these firms interact with one strategic hacker who launches cyber-attacks against them. We can obtain the following interesting findings: (a) when the efficiency of security information sharing remains low, resource sharing may hurt the firms because the security investment is restricted; (b) the firms may benefit from security competition that would urge security investment to effectively defend against cyber-attacks; (c) the firms may suffer from government intervention to raise their security awareness in that security information sharing is inhibited. We further discuss how the equilibrium outcomes of the firms and the hacker change when security decisions of the firms are made in a centralized way and made prior to cyber-attacks of the hacker respectively.