The primary objective of the current study is to analytically examine the economic benefits an organization can obtain by receiving and processing cyber threat intelligence (CTI) shared by the US government. Our results show that the benefits from receiving CTI are closely associated with the difference between the threat level indicated by the CTI and the receiving organization’s prior belief of the threat level. In addition, for the same difference between the threat levels indicated by the CTI and the organization’s prior belief, our analyses show that the magnitude of adjustments to an organization’s cybersecurity investments is inversely related to the organization’s prior belief of the threat level. Thus, larger benefits can be obtained when the receiving organization’s prior belief of a threat level is lower. Taken together, our results suggest that the common belief that it is optimal for a federal government agency or department to focus on sharing CTI related to vulnerabilities with the highest threat level is misguided. More generally, the benefits from CTI sharing can be improved if producers of CTI could develop a clearer understanding of the prior beliefs that organizations have concerning their threat level and focus on sharing CTI that is significantly different from those prior beliefs.

中文翻译：

---

最大限度地从政府机构和部门共享网络威胁情报中获益

当前研究的主要目标是分析检查组织通过接收和处理美国政府共享的网络威胁情报 (CTI) 可以获得的经济利益。我们的结果表明，接收 CTI 的好处与 CTI 指示的威胁级别与接收组织先前对威胁级别的看法之间的差异密切相关。此外，对于 CTI 指示的威胁级别与组织先前的信念之间的相同差异，我们的分析表明，对组织网络安全投资的调整幅度与组织对威胁级别的先前信念负相关。因此，当接收组织对威胁级别的先前信念较低时，可以获得更大的收益。综合起来，我们的结果表明，人们普遍认为，联邦政府机构或部门最好专注于共享与威胁级别最高的漏洞相关的 CTI，这是错误的。更一般地说，如果 CTI 的生产者能够更清楚地了解组织对其威胁级别的先前信念，并专注于共享与这些先前信念显着不同的 CTI，则可以提高 CTI 共享的好处。