{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,20]],"date-time":"2025-11-20T06:59:05Z","timestamp":1763621945880,"version":"3.44.0"},"reference-count":43,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2025,8,29]],"date-time":"2025-08-29T00:00:00Z","timestamp":1756425600000},"content-version":"vor","delay-in-days":240,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,1,17]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>In today\u2019s hyper-connected world, sharing cyber threat intelligence (CTI) is essential for strengthening collective defenses against an ever-evolving landscape of cyber threats. While most cybersecurity professionals acknowledge its importance, many believe their organizations could improve CTI sharing, highlighting ongoing challenges in translating recognition into practice. CTI sharing remains one of the most complex and underdeveloped areas of cybersecurity strategy, with challenges that extend far beyond the technology realm, exacerbated by the absence of a universally accepted definition of CTI, incompatible platforms, and multiple interpretations of trust related to sharing. Theoretical frameworks such as the economics of information exchange and human-to-technology trust that work well for explaining other forms of information sharing, fall short in comprehensively explaining the challenges of CTI sharing. This perspective calls for an expanded research agenda to uncover the underlying barriers to and enablers of CTI sharing. We highlight the unique nature of CTI, where the fusion of raw threat data with human insight distinguishes it from other forms of information exchange, complicating traditional models of data sharing. We develop our perspective beyond existing paradigms, informed by our theoretical repertoires and insights from forty interviewed cybersecurity professionals, to propose a structured approach toward evaluating CTI sharing. We conclude by presenting a conceptual framework that identifies ten factors shaping CTI sharing outcomes and offer a research agenda to advance the CTI sharing research and practice.<\/jats:p>","DOI":"10.1093\/cybsec\/tyaf016","type":"journal-article","created":{"date-parts":[[2025,8,29]],"date-time":"2025-08-29T15:17:16Z","timestamp":1756480636000},"source":"Crossref","is-referenced-by-count":1,"title":["Promoting research on cyber threat intelligence sharing in ecosystems"],"prefix":"10.1093","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1369-0138","authenticated-orcid":false,"given":"Chon","family":"Abraham","sequence":"first","affiliation":[{"name":"Lawrence B. Pulley Principled Achievement Professor of Business, Mason School of Business, William & Mary , Williamsburg, Virginia 23187 ,","place":["United States"]}]},{"given":"France","family":"B\u00e9langer","sequence":"additional","affiliation":[{"name":"University Distinguished Professor, R. B. Pamplin Professor, Tom & Daisy Byrd Senior Faculty Fellow, Fellow of the Association for Information Systems, Virginia Tech , Blacksburg, Virginia 24061 ,","place":["United States"]}]},{"given":"Sally","family":"Daultrey","sequence":"additional","affiliation":[{"name":"Research Affiliate, Center for the Whole of Government, William & Mary , Williamsburg, Virginia 23187 ,","place":["United States"]}]}],"member":"286","published-online":{"date-parts":[[2025,8,29]]},"reference":[{"volume-title":"Global Cyber Threat Intelligence and Threat Intelligence Platform Growth Opportunities","year":"2024","author":"Frost & Sullivan","key":"2025090902060947800_bib1"},{"volume-title":"UN General Assembly adopts milestone cybercrime treaty","year":"2024","author":"Vibhu","key":"2025090902060947800_bib2"},{"article-title":"Improving cyber threat intelligence sharing","year":"2024","author":"Cyber Security Intelligence","key":"2025090902060947800_bib3"},{"key":"2025090902060947800_bib4","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.cose.2023.103352","article-title":"Cyber-threat intelligence for security decision-making: a review and research agenda for practice","volume":"132","author":"Ainslie","year":"2023","journal-title":"Comput Secur"},{"key":"2025090902060947800_bib5","doi-asserted-by":"publisher","first-page":"35","DOI":"10.2307\/25148667","article-title":"Why should i share? examining social capital and knowledge contribution in electronic networks of practice","volume":"29","author":"Wasko","year":"2005","journal-title":"MIS Quart"},{"key":"2025090902060947800_bib6","doi-asserted-by":"publisher","first-page":"531","DOI":"10.2307\/25148855","article-title":"Business familiarity as risk mitigation in software development outsourcing contracts","volume":"32","author":"Gefen","year":"2008","journal-title":"MIS Quart"},{"key":"2025090902060947800_bib7","doi-asserted-by":"publisher","first-page":"334","DOI":"10.1287\/isre.13.3.334.81","article-title":"Developing and validating trust measures for e-commerce: an integrative typology","volume":"13","author":"McKnight","year":"2002","journal-title":"Inf Syst Res"},{"journal-title":"Who can you trust?: how technology brought us together and why it might drive us apart","year":"2017","author":"Botsman","key":"2025090902060947800_bib8"},{"key":"2025090902060947800_bib9","doi-asserted-by":"publisher","first-page":"747","DOI":"10.2307\/25148708","article-title":"IT-dependent strategic initiatives and sustained competitive advantage: a review and synthesis of the literature","volume":"29","author":"Piccoli","year":"2005","journal-title":"MIS Quart"},{"key":"2025090902060947800_bib10","doi-asserted-by":"publisher","first-page":"473","DOI":"10.2307\/259290","article-title":"Initial Trust Formation in New Organizational Relationships","volume":"23","author":"McKnight","year":"1998","journal-title":"Acad Manage Rev"},{"key":"2025090902060947800_bib11","doi-asserted-by":"publisher","first-page":"1017","DOI":"10.2307\/41409971","article-title":"Privacy in the digital age: a review of information privacy research in information systems","volume":"35","author":"B\u00e9langer","year":"2011","journal-title":"MIS Quart"},{"key":"2025090902060947800_bib12","doi-asserted-by":"publisher","first-page":"573","DOI":"10.1111\/isj.12092","article-title":"The role of information systems research in shaping the future of information privacy","volume":"25","author":"B\u00e9langer","year":"2015","journal-title":"Inform Syst J"},{"key":"2025090902060947800_bib13","doi-asserted-by":"publisher","first-page":"709","DOI":"10.2307\/258792","article-title":"An integrative model of organizational trust","volume":"20","author":"Mayer","year":"1995","journal-title":"Acad Manage Rev"},{"key":"2025090902060947800_bib14","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1016\/j.jsis.2007.12.002","article-title":"Trust and risk in e-government adoption","volume":"17","author":"B\u00e9langer","year":"2008","journal-title":"J Strateg Inform Syst"},{"key":"2025090902060947800_bib15","doi-asserted-by":"publisher","first-page":"215","DOI":"10.1016\/S0963-8687(02)00017-3","article-title":"Institution-based trust in interorganizational exchange relationships: the role of online B2B marketplaces on trust formation","volume":"11","author":"Pavlou","year":"2002","journal-title":"J Strateg Inform Syst."},{"article-title":"A \u2018Worst Nightmare\u2019 cyberattack: the untold story of the solarwinds hack","year":"2021","author":"Temple-Raston","key":"2025090902060947800_bib16"},{"article-title":"No more chewy centers: introducing the zero trust model of information security","year":"2010","author":"Kindervag","key":"2025090902060947800_bib17"},{"key":"2025090902060947800_bib18","doi-asserted-by":"crossref","DOI":"10.6028\/NIST.CSWP.20","article-title":"Planning for a zero trust architecture: a planning guide for federal administrators","author":"Rose","year":"2022"},{"key":"2025090902060947800_bib19","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1201\/9781003338512","article-title":"Collating threat intelligence for zero trust future using open-source tools","volume-title":"Implementing Enterprise Cybersecurity with Opensource Software and Standard Architecture","author":"John","year":"2022"},{"key":"2025090902060947800_bib20","doi-asserted-by":"publisher","first-page":"3430","DOI":"10.1080\/00207543.2021.1884311","article-title":"The zero trust supply chain: managing supply chain risk in the absence of trust","volume":"59","author":"Collier","year":"2021","journal-title":"Int J Prod Res"},{"key":"2025090902060947800_bib21","doi-asserted-by":"publisher","DOI":"10.1109\/ICIOT.2018.00019","article-title":"Zero-trust hierarchical management in IoT","volume-title":"2018 IEEE International Congress on Internet of Things (ICIOT)","author":"Samaniego","year":"2018"},{"key":"2025090902060947800_bib22","doi-asserted-by":"publisher","first-page":"807","DOI":"10.1080\/02684527.2021.1938371","article-title":"Circulation, not cooperation: towards a new understanding of intelligence agencies as transnationally constituted knowledge providers","volume":"36","author":"Hoffmann","year":"2021","journal-title":"Intell Nation Secur"},{"key":"2025090902060947800_bib23","doi-asserted-by":"publisher","first-page":"7","DOI":"10.1080\/00396338.2021.1906001","article-title":"Lessons of the solarwinds hack","volume":"63","author":"Willett","year":"2021","journal-title":"Survival"},{"key":"2025090902060947800_bib24","doi-asserted-by":"publisher","first-page":"567","DOI":"10.2307\/25750692","article-title":"Market value of voluntary disclosures concerning information security","volume":"34","author":"Gordon","year":"2010","journal-title":"MIS Quart"},{"key":"2025090902060947800_bib25","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1287\/isre.1050.0053","article-title":"The economic incentives for sharing security information","volume":"16","author":"Gal-Or","year":"2005","journal-title":"Inf Syst Res"},{"key":"2025090902060947800_bib26","doi-asserted-by":"publisher","first-page":"598","DOI":"10.1080\/07421222.2020.1790176","article-title":"The economics of sharing and information security","volume":"37","author":"Kauffman","year":"2020","journal-title":"J Manage Inform Syst"},{"key":"2025090902060947800_bib27","doi-asserted-by":"publisher","first-page":"565","DOI":"10.1287\/isre.2015.0587","article-title":"Information disclosure and the diffusion of information security attacks","volume":"26","author":"Mitra","year":"2015","journal-title":"Inf Syst Res"},{"key":"2025090902060947800_bib28","doi-asserted-by":"publisher","first-page":"668","DOI":"10.1080\/07421222.2020.1790185","article-title":"Understanding security vulnerability awareness, firm incentives, and ICT development in Pan-Asia","volume":"37","author":"Zhuang","year":"2020","journal-title":"J Manage Inform Syst."},{"key":"2025090902060947800_bib29","first-page":"36","article-title":"Industrial ecology and competitiveness","volume":"2","author":"Etsy","year":"1998","journal-title":"J Ind Ecol"},{"key":"2025090902060947800_bib30","doi-asserted-by":"publisher","DOI":"10.1093\/cybsec\/tyy008","article-title":"Threat intelligence sharing between cybersecurity vendors: network, dyadic, and agent views","volume":"4","author":"Zrahia","year":"2018","journal-title":"J Cybersecur"},{"key":"2025090902060947800_bib31","article-title":"The free rider problem","author":"Hardin","year":"2003","journal-title":"Stanf Encycl Philos"},{"article-title":"CISA faces challenges sharing cyber threat information as required by the Cybersecurity Act of 2015","year":"2024","author":"US Department of Homeland Security, Office of the Inspector General","key":"2025090902060947800_bib32"},{"article-title":"The untold story of NotPetya. The most devastating cyberattack in history","year":"2018","author":"McQuade","key":"2025090902060947800_bib33"},{"article-title":"Traffic Light Protocol (TLP) definitions and usage","year":"2022","author":"Cybersecurity and Infrastructure Security Agency (CISA)","key":"2025090902060947800_bib34"},{"volume-title":"Cyber intelligence tradecraft report: the state of cyber intelligence practices in the United States","year":"2019","author":"Ettinger","key":"2025090902060947800_bib35"},{"key":"2025090902060947800_bib36","first-page":"92","article-title":"A review and theoretical explanation of the \u2018Cyberthreat-Intelligence (CTI) capability\u2019 that needs to be fostered in information security practitioners and how this can be accomplished","author":"Shin","year":"2020","journal-title":"Comput Secur."},{"key":"2025090902060947800_bib37","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1080\/08850607.2016.1230701","article-title":"Cyber threat intelligence sharing frameworks","volume":"30","author":"Jasper","year":"2016","journal-title":"Int J Intell CounterIntell."},{"key":"2025090902060947800_bib38","doi-asserted-by":"crossref","first-page":"101589","DOI":"10.1016\/j.cose.2019.101589","article-title":"Cyber threat intelligence sharing: survey and research directions","volume":"87","author":"Wagner","year":"2019","journal-title":"Comput Secur."},{"key":"2025090902060947800_bib39","doi-asserted-by":"crossref","DOI":"10.6028\/NIST.SP.800-150","article-title":"Guide to cyber threat information sharing","volume-title":"NIST Special Publication 800-150","author":"Johnson","year":"2016"},{"key":"2025090902060947800_bib40","doi-asserted-by":"publisher","first-page":"694","DOI":"10.1080\/07421222.2020.1790186","article-title":"Semi-supervised cyber threat identification in dark net markets: a transductive and deep learning approach","volume":"37","author":"Ebrahimi","year":"2020","journal-title":"J Manage Inform Syst"},{"key":"2025090902060947800_bib41","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1007\/978-3-319-78440-3","article-title":"Cybersecurity as an industry: a cyber threat intelligence perspective","volume-title":"The Palgrave Handbook of International Cybercrime and Cyberdeviance","author":"Samtani","year":"2020"},{"key":"2025090902060947800_bib42","doi-asserted-by":"crossref","first-page":"9634507","DOI":"10.1155\/2018\/9634507","article-title":"A novel trust taxonomy for shared cyber threat intelligence","volume":"2018","author":"Wagner","year":"2018","journal-title":"Secur Commun Netw."},{"key":"2025090902060947800_bib43","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1145\/2994539.2994542","article-title":"Misp: the design and implementation of a collaborative threat intelligence sharing platform","volume-title":"Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security","author":"Wagner","year":"2016"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/11\/1\/tyaf016\/64162255\/tyaf016.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/11\/1\/tyaf016\/64162255\/tyaf016.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,9]],"date-time":"2025-09-09T06:06:16Z","timestamp":1757397976000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyaf016\/8244123"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":43,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,1,17]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyaf016","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"type":"print","value":"2057-2085"},{"type":"electronic","value":"2057-2093"}],"subject":[],"published-other":{"date-parts":[[2025]]},"published":{"date-parts":[[2025]]},"article-number":"tyaf016"}}