Cyber threat intelligence (CTI) provides actionable insights into the threat landscape, helping organizations strengthen their defenses. Because commercial CTI is costly, inter-organizational sharing can reduce expenses, yet adoption remains limited. Still, the design of effective incentives for CTI sharing and their embedding in a sharing platform remains underexplored. We conducted 15 semi-structured interviews with security professionals to elicit incentive requirements and design options. We find that organizations prefer to share CTI with known recipients to build trust and support GDPR compliance. They also value mechanisms that lower coordination costs, such as a reputation system and price guidance to help prioritize scarce analyst time. Further, a major barrier is skepticism about the net benefits of sharing. To address this, we propose financial compensation for contributed CTI and a marketing label that signals proactive cybersecurity to partners and customers. We implemented these incentives in a platform prototype and assessed their effects in 14 hands-on sessions with security experts. Participants reported increased willingness to share, suggesting that well-designed incentives can catalyze CTI-sharing ecosystems. Put simply, organizations can share and benefit.
Reittinger et al. (Thu,) studied this question.