Network Effects and Data Breaches Thirty Sixth International Conference on Information Systems, Fort Worth 2015 1 Network Effects and Data Breaches: Investigating the Impact of Information Sharing and the Cyber Black Market Research-in-Progress Michele Maasberg The University of Texas at San Antonio 1 UTSA Circle, San Antonio, TX 78249 michele.maasberg@utsa.edu Charles Zhechao Liu The University of Texas at San Antonio 1 UTSA Circle, San Antonio, TX 78249 charles.liu@utsa.edu Abstract This paper was motivated by the growing data breach activities confronting organizations. Building on the literature on information sharing and network effects, we attempt to empirically examine how the number of security breaches may change as a result of two opposing network effects in the data breach battlefield, namely, the positive network effects driven by industry-wide information sharing efforts, and the negative network effects driven by the supply and demand changes in the underground cybercrime ecosystem, and whether a feedback loop can be formed so that the information sharing efforts can influence the costs and availability of malicious tools and suppress their demand. As one of the first studies to empirically examine the dynamics in the cybercrime economy, our research will provide important policy guidance to improve collaborative mechanisms to enhance industry wide information security, and illuminate a new way to monitor and curtail the flow of cyber-criminal activities. Keywords: Data breach, security, underground cyber black market, network effects, information sharing. Introduction Nowadays, on top of the harsh and turbulent business environments, firms are increasingly confronted with the challenge of protecting their information systems from data breaches, which have increased considerably within the past decade (Frei 2014). A data breach is a security incident in which the disclosure or potential exposure of data occurs, most often through external hacking (Verizon 2015). These attacks have been directed at a wide variety of organizations, and the majority of the attacks appear to be driven primarily by financial motives (Liu et al. 2011). According to a recent study conducted by Ponemon Institute, the probability of a data breach is largely based on the number of customer records a company maintains and varies across industries. Specifically, U.S. public sector organizations and consumer-intensive industries are far more likely to suffer a data breach than energy and industrial companies are. (Ponemon Institute, 2014). Due to the vast amount of customer data that need to be transmitted and stored in the business process, retailers are particularly vulnerable to data breach-related attacks (Mandiant 2015). For example, the reported frequency of point of sale (POS) intrusions, one of the most common security breach classification patterns, is highest in accomodation/food services and retail industries. The primary target in data breaches is organizational data or individual’s personally identifiable information (i.e., name, social security number, credit or debit card number) (Ponemon Institute 2014). Despite the growing awareness and efforts from retailers to fight this cybercrime, hackers continue to find unique ways to steal sensitive and valuable data from the retailers’ information systems and sell these data on the black