Abstract
A four period game between two firms and two hackers is analyzed. The firms first defend and the hackers thereafter attack and share information. Each hacker seeks financial gain, beneficial information exchange, and reputation gain. The two hackers’ attacks and the firms’ defenses are inverse U-shaped in each other. A hacker shifts from attack to information sharing when attack is costly or the firm’s defense is cheap. The two hackers share information, but a second more disadvantaged hacker receives less information, and mixed motives may exist between information sharing and own reputation gain. The second hacker’s attack is deterred by the first hacker’s reputation gain. Increasing information sharing effectiveness causes firms to substitute from defense to information sharing, which also increases in the firms’ unit defense cost, decreases in each firm’s unit cost of own information leakage, and increases in the unit benefit of joint leakage. Increasing interdependence between firms causes more information sharing between hackers caused by larger aggregate attacks, which firms should be conscious about. We consider three corner solutions. First and second, the firms deter disadvantaged hackers. When the second hacker is deterred, the first hacker does not share information. Third, the first hacker shares a maximum amount of information when certain conditions are met. Policy and managerial implications are provided for how firms should defend against hackers with various characteristics.
Highlights
One benefit of information sharing for firms are that if several firms know what each firm knows individually, they may benefit collectively in preventing future security breaches
Information sharing among firms to defend against cyber attacks has received scrutiny
The first hacker chooses whether or not to attack, and if it attacks it chooses how much information to share with a second hacker
Summary
The Internet enables cyber hackers to attack and gain information from firms, requiring firms to design a variety of defensive security measures. Have been hacked that assessing who may be exempt is challenging or impossible. This raises the issue of counter measures. The gathering, analysis and sharing of information has been launched as one counter measure. One benefit of information sharing for firms are that if several firms know what each firm knows individually, they may benefit collectively in preventing future security breaches. That may improve their reputation, and enhance sales and profits. Hackers may be malevolent agents, but may be firms exploiting rival firms
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have