Abstract

In today’s hyper-connected world, sharing cyber threat intelligence (CTI) is essential for strengthening collective defenses against an ever-evolving landscape of cyber threats. While most cybersecurity professionals acknowledge its importance, many believe their organizations could improve CTI sharing, highlighting ongoing challenges in translating recognition into practice. CTI sharing remains one of the most complex and underdeveloped areas of cybersecurity strategy, with challenges that extend far beyond the technology realm, exacerbated by the absence of a universally accepted definition of CTI, incompatible platforms, and multiple interpretations of trust related to sharing. Theoretical frameworks such as the economics of information exchange and human-to-technology trust, which work well for explaining other forms of information sharing, fall short in comprehensively explaining the challenges of CTI sharing. This perspective calls for an expanded research agenda to uncover the underlying barriers to and enablers of CTI sharing. We highlight the unique nature of CTI, where the fusion of raw threat data with human insight distinguishes it from other forms of information exchange, complicating traditional models of data sharing. We develop our perspective beyond existing paradigms, informed by our theoretical repertoires and insights from forty interviewed cybersecurity professionals, to propose a structured approach toward evaluating CTI sharing. We conclude by presenting a conceptual framework that identifies ten factors shaping CTI sharing outcomes and by offering a research agenda to advance CTI sharing research and practice.
Abraham et al. (Wed,) studied this question.