Abstract
This study examines a critical incentive alignment issue facing FS-ISAC (the information sharing alliance in the financial services industry). Failure to encourage members to share their IT security-related information has seriously undermined the founding rationale of FS-ISAC. Our analysis shows that many information sharing alliances' membership policies are plagued with the incentive misalignment issue and may result in a "free-riding" or "no information sharing" equilibrium. To address this issue, we propose a new information sharing membership policy that incorporates an insurance option and show that the proposed policy can align members' incentives and lead to a socially optimal outcome. Moreover, when a transfer payment mechanism is implemented, all member firms will be better off joining the insurance network. These results are demonstrated in a simulation in which IT security breach losses are compared both with and without participating in the proposed information sharing insurance plan.
Original language | English |
---|---|
Article number | 2 |
Pages (from-to) | 15-36 |
Number of pages | 22 |
Journal | Communications of the Association for Information Systems |
Volume | 34 |
Issue number | 1 |
DOIs | |
State | Published - 2014 |
Keywords
- Economic theory
- Game theory
- Information sharing
- Organization
- Security
- Simulation