Firms may collaborate in order to mitigate security risks. However, prior economic arguments about the benefits and costs of sharing security information appear inconsistent. This paper uses social embeddedness to explain how restricted approaches to information sharing support inter-firm trust, problem-solving and collaboration while unrestricted sharing approaches can obstruct relationship-building. This social embeddedness perspective is supported using a case study of a large Asia-Pacific telecommunications provider. The results demonstrate the benefits of sharing security information with competitors. Empirically, investigations involving both internal and shared information have lower exposure and loss rates than cases where only internal controls are used. The study raises implications for both theory and practice.