To share or not to share: a behavioral perspective on human participation in security information sharing by Alain Mermoud, Marcus Matthias Keupp, Ke´vin Huguenin, Maximilian Palmie´, and Dimitri Percia David centralizes on the correlation between human behavior and security information sharing. Security information sharing or SIS is the process which individuals share information that is pertinent to stopping cyberattacks. Some of the thing’s SIS is used for includes identifying vulnerabilities, and to prevent phishing attempts, malware attacks, and data breaches, and many more.

There has been a gap identified between human behavior and SIS and why individuals are reluctant to participate in SIS. The author uses economics and behavioral research theory to explain that individual interest does not always align with collective or organizational interest. This is implying that individuals do not participate in SIS even though there is a greater benefit to all. Behavioral theory is also used to explain that we are loss averse, seek reciprocity or equality when engaging in economic exchange, and that our attitudes good or bad influence how we engage in SIS. Trust, reputation, interaction effect, and cost of execution also factor into our perspective on SIS.

The study centers on 424 members of the ISAC, which consist of senior cybersecurity management in the private and public sector. The study used a psychometric approach to organize constructs. The measures of data were intensity of SIS, frequency, attitude, social reciprocity, transactional reciprocity, reputation, executional cost, and trust. This was approach was turned in to an anonymous online survey.

The results of the survey explained that a positive attitude towards SIS results in great intensity. Social reciprocity correlates with intensity and frequency, implying that individuals see the value in the relationship. Transactional reciprocity correlates with frequency. Executional cost has a negative impact on frequency and intensity. Since we are loss averse, the greater the loss the less likely we are to engage. Trust impacts SIS similarly to attitude. This study aids in explain how individuals behave in society when they are not the sole beneficiary of an action. This thinking can be applied to many other behaviors we are asked to engage in that do not directly benefit us in the moment but may help others. For example, these same constructs could apply to how we view charity or laws that impact marginalized groups but not the individual engaging in the activity.

Reference

Mermoud, A., Keupp, M. M., Huguenin, K., Palmié, M., & Percia David, D. (2019). To Share or not to Share: A Behavioral Perspective on Human Participation in Security Information Sharing. Journal of Cybersecurity, 5(1), 1–13. https://doi.org/10.1093/cybsec/tyz006