Start Date

12-13-2015

Description

This paper was motivated by the growing data breach activities confronting organizations. Building on the literature on information sharing and network effects, we attempt to empirically examine how the number of security breaches may change as a result of two opposing network effects in the data breach battlefield, namely, the positive network effects driven by industry-wide information sharing efforts, and the negative network effects driven by the supply and demand changes in the underground cybercrime ecosystem, and whether a feedback loop can be formed so that the information sharing efforts can influence the costs and availability of malicious tools and suppress their demand. As one of the first studies to empirically examine the dynamics in the cybercrime economy, our research will provide important policy guidance to improve collaborative mechanisms to enhance industry wide information security, and illuminate a new way to monitor and curtail the flow of cyber-criminal activities.

Share

COinS
 
Dec 13th, 12:00 AM

Network Effects and Data Breaches: Investigating the Impact of Information Sharing and the Cyber Black Market

This paper was motivated by the growing data breach activities confronting organizations. Building on the literature on information sharing and network effects, we attempt to empirically examine how the number of security breaches may change as a result of two opposing network effects in the data breach battlefield, namely, the positive network effects driven by industry-wide information sharing efforts, and the negative network effects driven by the supply and demand changes in the underground cybercrime ecosystem, and whether a feedback loop can be formed so that the information sharing efforts can influence the costs and availability of malicious tools and suppress their demand. As one of the first studies to empirically examine the dynamics in the cybercrime economy, our research will provide important policy guidance to improve collaborative mechanisms to enhance industry wide information security, and illuminate a new way to monitor and curtail the flow of cyber-criminal activities.