Using incentives to foster security information sharing and cooperation: A general theory and application to critical infrastructure protection

Abstract

Various measures have been proposed to mitigate the underinvestment problem in cybersecurity. Investment models have theoretically demonstrated the potential application of security information sharing (SIS) to Critical Infrastructure Protection (CIP). However, the free rider problem remains a major pitfall, preventing the full potential benefits of SIS from being realised. This paper closes an important research gap by providing a theoretical framework linking incentives and voluntary SIS. This framework was applied to CIP through a case study of the Swiss Reporting and Analysis Centre for Information Security. The SIS model was used to analyse the incentive mechanisms that most effectively support SIS for CIP. Our work contribute to an understanding of the free rider problem that plagues the provision of the public good that is cybersecurity, and offer clues to its mitigation.