Information Sharing in Cybersecurity: A Review

Cyberattacks are growing in both frequency and severity, prompting significant increases in cyber-defense investments. This review synthesizes insights from 82 research papers examining information sharing as a strategy to enhance cybersecurity effectiveness while reducing associated costs. The authors identify three primary barriers to successful information sharing: establishing trust between parties, verifying the accuracy of shared information, and mitigating the freeloader problem, wherein some actors benefit from shared knowledge without contributing themselves. These challenges affect both private sector entities and public organizations alike. The review analyzes incentives for information sharing from both defender and attacker perspectives, providing a balanced view of strategic motivations. In addition, it surveys recent technical advancements that facilitate secure information exchange, explores the legal frameworks and policy mechanisms governing such practices, and applies game-theoretic and other analytical approaches to understand sharing dynamics. The authors highlight several key directions for future research, including the role of risk profiles, cultural influences, the nature and classification of shared information, financial subsidization strategies, pathways for international collaboration, and approaches to cyber deterrence.