Cyber Risk Information Sharing with Authorities
Cyber risk management largely reduces to a race for information between attackers and defenders of ICT systems. Defenders can gain advantage in this race by sharing cyber risk information with each other. Yet, defenders often exchange less information than is socially desirable, as their decisions are guided by selfish reasons. This can motivate regulators to enact laws mandating defenders' information exchange. In particular in Europe, many laws oblige defenders' information sharing with authorities, who in turn can advise others to strengthen the overall defense in the economy. This dissertation sheds first light into the economics of cyber risk information sharing with authorities.
Cyber risk management; information sharing; policy; game-theory