Abstract
Serious information security breaches have caused firms to suffer customer churn, directly or indirectly. To prevent customer churn, firms usually enhance their security protection through two measures: security investment and security information sharing. Prior studies seldom consider the security environment and the business environment simultaneously when determining a firm’s optimal security decisions. Using game theory, this paper aims to demonstrate that a firm’s security decisions under a competitive environment differ significantly from those under an integrated environment. Moreover, distortions may surface if firms do not cooperate on security practices. Thus, this paper further analyses the measures by which a social planner, such as the government or an industry association, controls firms’ security decisions, and the results show that these measures may not always be effective. Instead, social planners are recommended to enhance or attenuate the controlling level of the two security decisions based on realistic security and business environments.
Acknowledgements
The authors are extremely grateful to the anonymous referees for their valuable and helpful comments and suggestions. This work was supported by the National Natural Science Foundation of China (Project No.: 71390333, 71572145).
Notes
This paper has been re-typeset by Taylor & Francis from the manuscript originally provided to the previous publisher.