Knowledge Sharing and Investment Decisions in Information Security

University of Alberta School of Business Research Paper No. 2013-652

Decision Support Systems Volume 52, Issue 1, December 2011, Pages 95–107

Posted: 2 Jul 2013

See all articles by Yonghua Ji

Yonghua Ji

University of Alberta - Department of Accounting, Operations & Information Systems

Vijay Mookerjee

University of Texas at Dallas - Naveen Jindal School of Management

Dengpan Liu

University of Alabama in Huntsville - College of Business Administration

Date Written: December 1, 2010

Abstract

We study the relationship between decisions made by two similar firms pertaining to knowledge sharing and investment in information security. The analysis shows that the nature of information assets possessed by the two firms, either complementary or substitutable, plays a crucial role in influencing these decisions. In the complementary case, we show that the firms have a natural incentive to share security knowledge and no external influence to induce sharing is needed. However, the investment levels chosen in equilibrium are lower than optimal, an aberration that can be corrected using coordination mechanisms that reward the firms for increasing their investment levels. In the substitutable case, the firms fall into a Prisoners' Dilemma trap where they do not share security knowledge in equilibrium, despite the fact that it is beneficial for both of them to do so. Here, the beneficial role of a social planner to encourage the firms to share is indicated. However, even when the firms share in accordance to the recommendations of a social planner, the level of investment chosen by the firms is sub-optimal. The firms either enter into an “arms race” where they over-invest or reenact the under-investment behavior found in the complementary case. Once again, this sub-optimal behavior can be corrected using incentive mechanisms that penalize for over-investment and reward for increasing the investment level in regions of under-investment. The proposed coordination schemes, with some modifications, achieve the socially optimal outcome even when the firms are risk-averse. Implications for information security vendors, firms, and social planner are discussed.

Keywords: Security investment, Knowledge sharing, Coordination scheme, Nash equilibrium, Taylor series approximation

Suggested Citation

Ji, Yonghua and Mookerjee, Vijay and Liu, Dengpan, Knowledge Sharing and Investment Decisions in Information Security (December 1, 2010). University of Alberta School of Business Research Paper No. 2013-652, Decision Support Systems Volume 52, Issue 1, December 2011, Pages 95–107, Available at SSRN: https://ssrn.com/abstract=2275499

Yonghua Ji (Contact Author)

University of Alberta - Department of Accounting, Operations & Information Systems ( email )

Edmonton, Alberta T6G 2R6
Canada

Vijay Mookerjee

University of Texas at Dallas - Naveen Jindal School of Management ( email )

P.O. Box 830688
Richardson, TX 75083-0688
United States

Dengpan Liu

University of Alabama in Huntsville - College of Business Administration ( email )

Huntsville, AL 35899
United States
2568246826 (Phone)

HOME PAGE: http://cba.uah.edu/is/liu

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
1,101
PlumX Metrics