Maximizing the benefits from sharing cyber threat intelligence by government agencies and departments

Abstract

AbstractThe primary objective of the current study is to analytically examine the economic benefits an organization can obtain by receiving and processing cyber threat intelligence (CTI) shared by the US government. Our results show that the benefits from receiving CTI are closely associated with the difference between the threat level indicated by the CTI and the receiving organization’s prior belief of the threat level. In addition, for the same difference between the threat levels indicated by the CTI and the organization’s prior belief, our analyses show that the magnitude of adjustments to an organization’s cybersecurity investments is inversely related to the organization’s prior belief of the threat level. Thus, larger benefits can be obtained when the receiving organization’s prior belief of a threat level is lower. Taken together, our results suggest that the common belief that it is optimal for a federal government agency or department to focus on sharing CTI related to vulnerabilities with the highest threat level is misguided. More generally, the benefits from CTI sharing can be improved if producers of CTI could develop a clearer understanding of the prior beliefs that organizations have concerning their threat level and focus on sharing CTI that is significantly different from those prior beliefs.