{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,23]],"date-time":"2026-01-23T09:29:38Z","timestamp":1769160578247,"version":"3.49.0"},"reference-count":51,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2017,5,25]],"date-time":"2017-05-25T00:00:00Z","timestamp":1495670400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Games"],"abstract":"<jats:p>A four period game between two firms and two hackers is analyzed. The firms first defend and the hackers thereafter attack and share information. Each hacker seeks financial gain, beneficial information exchange, and reputation gain. The two hackers\u2019 attacks and the firms\u2019 defenses are inverse U-shaped in each other. A hacker shifts from attack to information sharing when attack is costly or the firm\u2019s defense is cheap. The two hackers share information, but a second more disadvantaged hacker receives less information, and mixed motives may exist between information sharing and own reputation gain. The second hacker\u2019s attack is deterred by the first hacker\u2019s reputation gain. Increasing information sharing effectiveness causes firms to substitute from defense to information sharing, which also increases in the firms\u2019 unit defense cost, decreases in each firm\u2019s unit cost of own information leakage, and increases in the unit benefit of joint leakage. Increasing interdependence between firms causes more information sharing between hackers caused by larger aggregate attacks, which firms should be conscious about. We consider three corner solutions. First and second, the firms deter disadvantaged hackers. When the second hacker is deterred, the first hacker does not share information. Third, the first hacker shares a maximum amount of information when certain conditions are met. Policy and managerial implications are provided for how firms should defend against hackers with various characteristics.<\/jats:p>","DOI":"10.3390\/g8020023","type":"journal-article","created":{"date-parts":[[2017,5,30]],"date-time":"2017-05-30T04:35:42Z","timestamp":1496118942000},"page":"23","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":31,"title":["Security Investment, Hacking, and Information Sharing between Firms and between Hackers"],"prefix":"10.3390","volume":"8","author":[{"given":"Kjell","family":"Hausken","sequence":"first","affiliation":[{"name":"Faculty of Social Sciences, University of Stavanger, 4036 Stavanger, Norway"}]}],"member":"1968","published-online":{"date-parts":[[2017,5,25]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1109\/MSP.2014.99","article-title":"Security automation and threat information-sharing options","volume":"12","author":"Kampanakis","year":"2014","journal-title":"IEEE Secur. Priv."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"214","DOI":"10.2307\/3003442","article-title":"Fulfilled expectations cournot duopoly with information acquisition and release","volume":"13","author":"Novshek","year":"1982","journal-title":"Bell J. Econ."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"329","DOI":"10.2307\/1911239","article-title":"Information sharing in oligopoly","volume":"53","year":"1985","journal-title":"Econometrica"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"433","DOI":"10.2307\/2297638","article-title":"Exchange of cost information in oligopoly","volume":"53","author":"Shapiro","year":"1986","journal-title":"Rev. Econ. Stud."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"138","DOI":"10.2307\/2555403","article-title":"Trade associations as information exchange mechanisms","volume":"19","author":"Kirby","year":"1988","journal-title":"RAND J. Econ."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"409","DOI":"10.2307\/2555617","article-title":"Trade association disclosure rules, incentives to share information, and welfare","volume":"21","author":"Vives","year":"1990","journal-title":"RAND J. Econ."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"241","DOI":"10.2753\/MIS0742-1222260308","article-title":"Risks and benefits of signaling information system characteristics to strategic attackers","volume":"26","author":"Cremonini","year":"2009","journal-title":"J. Manag. Inf. Syst."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Fultz, N., and Grossklags, J. (2009, January 23\u201326). Blue versus red: Towards a model of distributed security attacks. Proceedings of the Thirteenth International Conference Financial Cryptography and Data Security, Accra Beach, Barbados.","DOI":"10.1007\/978-3-642-03549-4_10"},{"key":"ref_9","unstructured":"Herley, C. (2013, January 11\u201312). Small world: Collisions among attackers in a finite population. Proceedings of the 12th Workshop on the Economics of Information Security (WEIS), Washington, DC, USA."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Lin, Y. (2003). The institutionalization of hacking practices. Ubiquity, 2003.","DOI":"10.1145\/766760.764028"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Sarvari, H., Abozinadah, E., Mbaziira, A., and Mccoy, D. (2014, January 17\u201318). Constructing and analyzing criminal networks. Proceedings of the IEEE Security and Privacy Workshops (SPW), San Jose, CA, USA.","DOI":"10.1109\/SPW.2014.22"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"489","DOI":"10.1287\/isre.2014.0527","article-title":"Cloud implications on software network structure and security risks","volume":"25","author":"August","year":"2014","journal-title":"Inf. Syst. Res."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"589","DOI":"10.25300\/MISQ\/2014\/38.2.12","article-title":"Quality competition and market segmentation in the security software market","volume":"38","author":"Dey","year":"2014","journal-title":"MIS Q."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"77","DOI":"10.2753\/MIS0742-1222290204","article-title":"Hacker behavior, network effects, and the security software market","volume":"29","author":"Dey","year":"2012","journal-title":"J. Manag. Inf. Syst."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"595","DOI":"10.2307\/25750693","article-title":"The impact of malicious agents on the enterprise software industry","volume":"34","author":"Galbreth","year":"2010","journal-title":"MIS Q."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"295","DOI":"10.1287\/isre.1120.0447","article-title":"Contracting information security in the presence of double moral hazard","volume":"24","author":"Xianjun","year":"2013","journal-title":"Inf. Syst. Res."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"121","DOI":"10.1287\/isre.1080.0174","article-title":"Choice and chance: A conceptual model of paths to information security compromise","volume":"20","author":"Ransbotham","year":"2009","journal-title":"Inf. Syst. Res."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"461","DOI":"10.1016\/j.jaccpubpol.2003.09.001","article-title":"Sharing information on computer systems security: An economic analysis","volume":"22","author":"Gordon","year":"2003","journal-title":"J. Account. Public Policy"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"186","DOI":"10.1287\/isre.1050.0053","article-title":"The economic incentives for sharing security information","volume":"16","author":"Ghose","year":"2005","journal-title":"Inf. Syst. Res."},{"key":"ref_20","first-page":"503","article-title":"Security investment and information sharing for defenders and attackers of information assets and networks","volume":"Volume 4","author":"Rao","year":"2009","journal-title":"Information Assurance, Security and Privacy Services, Handbooks in Information Systems"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"639","DOI":"10.1016\/j.jaccpubpol.2007.10.001","article-title":"Information sharing among firms and cyber attacks","volume":"26","author":"Hausken","year":"2007","journal-title":"J. Account. Public Policy"},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"1682","DOI":"10.1057\/jors.2013.133","article-title":"A game-theoretic analysis of information sharing and security investment for complementary firms","volume":"65","author":"Gao","year":"2014","journal-title":"J. Oper. Res. Soc."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1016\/j.dss.2011.05.007","article-title":"Knowledge sharing and investment decisions in information security","volume":"52","author":"Liu","year":"2011","journal-title":"Decis. Support Syst."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"103","DOI":"10.69554\/FARC5224","article-title":"Cyber security: A critical examination of information sharing versus data sensitivity issues for organisations at risk of cyber attack","volume":"7","author":"Mallinder","year":"2013","journal-title":"J. Bus. Contin. Emerg. Plan."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"550","DOI":"10.1080\/01969722.2013.818433","article-title":"Comprehensive approach to information sharing for increased network security and survivability","volume":"44","author":"Choras","year":"2013","journal-title":"Cybern. Syst."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"223","DOI":"10.1016\/j.compedu.2013.05.010","article-title":"Information security\u2014Professional perceptions of knowledge-sharing intention under self-efficacy, trust, reciprocity, and shared-language","volume":"68","author":"Tamjidyamcholo","year":"2013","journal-title":"Comput. Educ."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"90","DOI":"10.1016\/j.cose.2014.03.004","article-title":"Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture","volume":"43","author":"Antonsen","year":"2014","journal-title":"Comput. Secur."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1016\/j.cose.2014.02.010","article-title":"Evaluation model for knowledge sharing in information security professional virtual community","volume":"43","author":"Tamjidyamcholo","year":"2014","journal-title":"Comput. Secur."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"97","DOI":"10.2753\/MIS0742-1222260205","article-title":"Information security: Facilitating user precautions vis-\u00e0-vis enforcement against attackers","volume":"26","author":"Png","year":"2009","journal-title":"J. Manag. Inf. Syst."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"868","DOI":"10.1111\/j.1467-6451.2010.00435.x","article-title":"Network security: Vulnerabilities and disclosure policy","volume":"58","author":"Choi","year":"2010","journal-title":"J. Ind. Econ."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"43","DOI":"10.1016\/j.infoecopol.2006.10.001","article-title":"To disclose or not? An analysis of software user behavior","volume":"19","author":"Nizovtsev","year":"2007","journal-title":"Inf. Econ. Policy"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"115","DOI":"10.1287\/isre.1080.0226","article-title":"An empirical analysis of software vendors\u2019 patch release behavior: Impact of vulnerability disclosure","volume":"21","author":"Arora","year":"2010","journal-title":"Inf. Syst. Res."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"305","DOI":"10.2753\/MIS0742-1222280411","article-title":"Patch release behaviors of software vendors in response to vulnerabilities: An empirical analysis","volume":"28","author":"Temizkan","year":"2012","journal-title":"J. Manag. Inf. Syst."},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"28","DOI":"10.1287\/isre.1050.0041","article-title":"The value of intrusion detection systems in information technology security architecture","volume":"16","author":"Cavusoglu","year":"2005","journal-title":"Inf. Syst. Res."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1257\/jep.23.3.3","article-title":"The economics of online crime","volume":"23","author":"Moore","year":"2009","journal-title":"J. Econ. Perspect."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"154","DOI":"10.1016\/j.cose.2016.04.003","article-title":"A problem shared is a problem halved: A survey on the dimensions of collective cyber defense through security information sharing","volume":"60","author":"Skopik","year":"2016","journal-title":"Comput. Secur."},{"key":"ref_37","first-page":"245","article-title":"A strategic analysis of information sharing among cyber attackers","volume":"12","author":"Hausken","year":"2015","journal-title":"J. Inf. Syst. Technol. Manag."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Hausken, K. (2017). Information sharing among cyber hackers in successive attacks. Int. Game Theory Rev., 19.","DOI":"10.1142\/S0219198917500104"},{"key":"ref_39","unstructured":"Raymond, E.S. (2008). The Cathedral & the Bazaar: Musings on Linux and Open Source by an Accidental Revolutionary, O\u2019Reilly Media."},{"key":"ref_40","unstructured":"Ritchie, C. (2000). A Look at the Security of the Open Source Development Model, Oregon State University. Technical Report."},{"key":"ref_41","unstructured":"Brunker, M. (2017, May 24). Hackers: Knights-Errant or Knaves? NBCNews. Available online: http:\/\/msnbc.msn.com\/id\/3078783."},{"key":"ref_42","unstructured":"Simon, H. (1969). The Sciences of the Artificial, MIT Press."},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1086\/261974","article-title":"Anarchy and its breakdown","volume":"103","author":"Hirshleifer","year":"1995","journal-title":"J. Political Econ."},{"key":"ref_44","first-page":"224","article-title":"The welfare costs of tariffs, monopolies, and theft","volume":"5","author":"Tullock","year":"1967","journal-title":"West. Econ. J."},{"key":"ref_45","first-page":"267","article-title":"Raising rivals\u2019 costs","volume":"73","author":"Salop","year":"1983","journal-title":"Am. Econ. Rev."},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1007\/s11127-005-1717-3","article-title":"Production and conflict models versus rent-seeking models","volume":"123","author":"Hausken","year":"2005","journal-title":"Public Choice"},{"key":"ref_47","unstructured":"Buchanan, J.M., Tollison, R.D., and Tullock, G. (1980). Efficient rent-seeking. Toward a Theory of the Rent-Seeking Society, Texas A. & M. University Press."},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"231","DOI":"10.1023\/A:1024119208153","article-title":"Interdependent security","volume":"26","author":"Kunreuther","year":"2003","journal-title":"J. Risk Uncertain."},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"629","DOI":"10.1016\/j.jaccpubpol.2006.09.001","article-title":"Income, interdependence, and substitution effects affecting incentives for security investment","volume":"25","author":"Hausken","year":"2006","journal-title":"J. Account. Public Policy"},{"key":"ref_50","first-page":"421","article-title":"The strategy of model building in population biology","volume":"54","author":"Levins","year":"1966","journal-title":"Am. Sci."},{"key":"ref_51","unstructured":"Levins, R., and Lewontin, R. (1985). The Dialectical Biologist, Harvard University Press."}],"container-title":["Games"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-4336\/8\/2\/23\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T18:36:55Z","timestamp":1760207815000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-4336\/8\/2\/23"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,5,25]]},"references-count":51,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2017,6]]}},"alternative-id":["g8020023"],"URL":"https:\/\/doi.org\/10.3390\/g8020023","relation":{},"ISSN":["2073-4336"],"issn-type":[{"value":"2073-4336","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,5,25]]}}}