Abstract

We investigate the economic ramifications of strategic IT security information sharing among firms in the financial services industry. An IT security information sharing system can potentially minimize security breaches. However, although the Presidential Decision Directive/NSC-63 encouraged the establishment of such a system in the form of industry based information sharing and analysis centers (ISACs), it is injudicious to assume that firms will be willing to naively share their security information with their strategic competitors. We argue that without a proper mechanism some firms will try to put in minimum effort, potentially reducing the system’s reliability, and aim to answer the following research question: “What will it take for a financial services firm to willingly share its strategic information technology security information with its competitors through an ISAC?” We use the theory of mechanism design in economics to develop an adverse selection model to address the question.

Share

COinS