Strategic Aspects of Cyber Risk Information Sharing

Laube S, Böhme R


Abstract
Cyber risk management largely reduces to a race for information between defenders of ICT systems and attackers. Defenders can gain advantage in this race by sharing cyber risk information with each other. Yet, they often exchange less information than is socially desirable, because sharing decisions are guided by selfish rather than altruistic reasons. A growing line of research studies these strategic aspects that drive defenders’ sharing decisions. The present survey systematizes these works in a novel framework. It provides a consolidated understanding of defenders’ strategies to privately or publicly share information and enables us to distill trends in the literature and identify future research directions. We reveal that many theoretical works assume cyber risk information sharing to be beneficial, while empirical validations are often missing.

Keywords
Security information sharing, cyber risk management



Publication type
Article in Journal

Peer reviewed
Yes

Publication status
Published

Year
2017

Journal
ACM Computing Surveys

Volume
50

Issue
5

DOI

Full text