Comparison of information security decisions under different security and business environments

Research output: Journal Publications and Reviews (RGC: 21, 22, 62)21_Publication in refereed journalpeer-review

View graph of relations



Original languageEnglish
Pages (from-to)747-761
Journal / PublicationJournal of the Operational Research Society
Issue number5
Online published18 Jan 2018
Publication statusPublished - 2018


Serious information security breaches have caused firms to suffer from customer churns directly or indirectly. To prevent customer churns, firms usually enhance their security protection through two measures, i.e. security investment and security information sharing. Prior studies seldom consider security environment and business environment simultaneously when making a firm's optimal security decisions. Using game theory, this paper purports to demonstrate that a firm's security decisions under a competitive environment differ significantly from those under an integrated environment. Moreover, distortions may surface if firms do not cooperate on security practices. Thus, this paper further analyses the measures that a social planner such as the government or industry association controls firms' security decisions, and results show that these measures may not always be effective. Instead, social planners are recommended to enhance or attenuate the controlling level of the two security decisions based on realistic security and business environments.

Research Area(s)

  • competitive firm, information sharing, integrated firm, security externality, Security investment

Bibliographic Note

Full text of this publication does not contain sufficient affiliation information. With consent from the author(s) concerned, the Research Unit(s) information for this record is based on the existing academic department affiliation of the author(s).