Paying Firms to Share Cyber Threat Intelligence

Abstract

Effective cyber defense requires stakeholders to collaborate with each other and share cyber threat intelligence. Sharing such intelligence can improve the community’s cybersecurity posture, preventing others from being hacked or compromised. However, intelligence sharing is still relatively uncommon due in part to the associated costs as well as other legitimate concerns. In this paper, we ask how a central authority could employ monetary incentives to promote intelligence sharing among competitive firms. We propose a novel game-theoretic model of intelligence sharing and derive the minimal incentive payments which ensure that firms profitably share with their competitors. We investigate the value of being able to differentiate incentives among firms (i.e., paying a different amount to each firm), and show formally that the ability to differentiate is the most valuable when the network among firms is highly heterogeneous. Finally, we show that our results are sharp in an important sense: if the authority offers less than the minimal incentive to every firm, this can render no-sharing as the unique Nash equilibrium.