Security Related Information Sharing Among Firms: Potential Theoretical Explanations Completed Research

Information technology (IT) related security crimes are on the rise, and are beginning to have a critical impact on firms. Considering the potential financial impact of IT security breaches on firms, effective IT security becomes the cornerstone of firm performance. In exploring effectives ways to guard against IT security crimes, a small group of IT firms came together to form Information Technology-Information Sharing and Analysis Center (IT-ISAC), an information sharing organization with the goal of sharing critical information with industry peers and competitors. In the context of IT-ISAC, member firms have to engage cooperative and competitive behaviors. Such simultaneous cooperation and competition among rival firms is called coopetition. However, there is no research that explores why IT firms engage in security information sharing with other firms including competitors. In exploring the coopetitive behaviors exhibited by firms participating in the sharing of IT security related information, this research analyzes existing literature streams to see if they can resolve this particular coopetition paradox. Specifically, this research (i) analyzes research streams on transaction cost theory (TCT), resource based view (RBV), competence based view (CBV), and relational view of the firm (RVF), and (ii) finds that, while TCT, RBV, and CBV fail to resolve the IT-ISAC information sharing paradox, RVF provides appropriate theoretical foundations for the resolution of the paradox. We conclude with a discussion of the implications of our paper for future research.