Security Related Information Sharing among Firms: Potential Theoretical Explanations

Information technology (IT) related security crimes are on the rise, and are beginning to have a critical impact on firms. Considering the potential financial impact of IT security breaches on firms, effective IT security becomes the cornerstone of firm performance. In exploring effectives ways to guard against IT security crimes, a small group of IT firms came together to form Information Technology-Information Sharing and Analysis Center (IT-ISAC), an information sharing organization with the goal of sharing critical information with industry peers and competitors. In the context of IT-ISAC, member firms have to engage cooperative and competitive behaviors. Such simultaneous cooperation and competition among rival firms is called coopetition. However, there is no research that explores why IT firms engage in security information sharing with other firms including competitors. In exploring the coopetitive behaviors exhibited by firms participating in the sharing of IT security related information, this research analyzes existing literature streams to see if they can resolve this particular coopetition paradox. Specifically, this research (i) analyzes research streams on transaction cost theory (TCT), resource based view (RBV), competence based view (CBV), and relational view of the firm (RVF), and (ii) finds that, while TCT, RBV, and CBV fail to resolve the IT-ISAC information sharing paradox, RVF provides appropriate theoretical foundations for the resolution of the paradox. We conclude with a discussion of the implications of our paper for future research.

[1]  Robert J. Bennett,et al.  The Logic of Membership of Sectoral Business Associations , 2000 .

[2]  C. Oliver SUSTAINABLE COMPETITIVE ADVANTAGE: COMBINING INSTITUTIONAL AND RESOURCE- BASED VIEWS , 1997 .

[3]  J. Barney Strategic Factor Markets: Expectations, Luck, and Business Strategy , 1986 .

[4]  A. Hirschman,et al.  Shifting Involvements: Private Interest and Public Action , 1982 .

[5]  Huseyin Cavusoglu,et al.  Model for Evaluating , 2022 .

[6]  Rainer Hampp A competence-based theory of the firm Management Revue Provided in Cooperation with : , 2007 .

[7]  B. Ritt Critical infrastructure protection : Improving Information Sharing with Infrastructure Sectors , 2004 .

[8]  J. R. Moore,et al.  The theory of the growth of the firm twenty-five years after , 1960 .

[9]  X. Vives Duopoly information equilibrium: Cournot and bertrand , 1984 .

[10]  N. Foss Networks, capabilities, and competitive advantage , 1999 .

[11]  Richard N. Clarke Collusion and the Incentives for Information Sharing , 1983 .

[12]  Jeffrey H. Dyer,et al.  The Relational View: Cooperative Strategy and Sources of Interorganizational Competitive Advantage , 1998 .

[13]  Huseyin Cavusoglu,et al.  Economics of ITSecurity Management: Four Improvements to Current Security Practices , 2004, Commun. Assoc. Inf. Syst..

[14]  W. Powell,et al.  Interorganizational Collaboration and the Locus of Innovation: Networks of Learning in Biotechnology. , 1996 .

[15]  O. Williamson The Economics of Organization: The Transaction Cost Approach , 1981, American Journal of Sociology.

[16]  H. Simon,et al.  Models Of Man : Social And Rational , 1957 .

[17]  J. Barney Firm Resources and Sustained Competitive Advantage , 1991 .

[18]  Emma Disley,et al.  Incentives and Challenges for Information Sharing in the Context of Network and Information Security , 2012 .

[19]  X. Vives Trade Association Disclosure Rules, Incentives to Share Information, and Welfare , 1990 .

[20]  Lawrence A. Gordon,et al.  Sharing Information on Computer Systems Security: An Economic Analysis , 2003 .

[21]  H. Simon,et al.  A Behavioral Model of Rational Choice , 1955 .

[22]  R. Grant Chapter 8 – Prospering in Dynamically-Competitive Environments: Organizational Capability as Knowledge Integration , 1999 .

[23]  B. Kogut,et al.  Interfirm cooperation and startup innovation in the biotechnology industry , 1994 .

[24]  Joerg Freiling,et al.  A Competence-based Theory of the Firm , 2004 .

[25]  Huseyin Cavusoglu,et al.  The Value of Intrusion Detection Systems in Information Technology Security Architecture , 2005, Inf. Syst. Res..

[26]  B. Wernerfelt,et al.  A Resource-Based View of the Firm , 1984 .

[27]  T. Das,et al.  A Resource-Based Theory of Strategic Alliances , 2000 .

[28]  Karel Cool,et al.  Asset stock accumulation and sustainability of competitive advantage , 1989 .

[29]  Alision Joyce Kirby Trade associations as information exchange mechanisms , 1985 .

[30]  Joseph Dorfman,et al.  Institutional Economics , 2023 .

[31]  S. Stringer Economic Analysis , 2002, The Laryngoscope.

[32]  B. Kogut,et al.  INTERFIRM COOPERATION AND STARTUP INNOVATION IN THE BIOTECHNOLOGY INDUSTRY. , 1993 .

[33]  Wenpin Tsai Social Structure of Coopetition Within a Multiunit Organization: Coordination, Competition, and Intraorganizational Knowledge Sharing , 2002 .

[34]  James G. Combs,et al.  Strategic resources and performance: a meta‐analysis , 2008 .

[35]  Joan V. Robinson,et al.  The Nature of the Firm , 2004 .

[36]  Huseyin Cavusoglu,et al.  The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers , 2004, Int. J. Electron. Commer..

[37]  Anindya Ghose,et al.  The Economic Incentives for Sharing Security Information , 2004, Inf. Syst. Res..

[38]  Dovev Lavie The Competitive Advantage of Interconnected Firms: An Extension of the Resource-Based View , 2006 .

[39]  R. Gulati,et al.  The dynamics of learning alliances: competition, cooperation, and relative scope , 1998 .

[40]  J. Barney,et al.  Organizational Culture: Can It Be a Source of Sustained Competitive Advantage? , 1986 .

[41]  J. H. Dyer,et al.  Creating and managing a high‐performance knowledge‐sharing network: the Toyota case , 2000 .

[42]  D. Teece,et al.  DYNAMIC CAPABILITIES AND STRATEGIC MANAGEMENT , 1997 .

[43]  Albert O. Hirschman,et al.  Exit, Voice, and Loyalty , 1970 .