Supply chain cybersecurity investments with interdependent risks under different information exchange modes

Abstract

Cybersecurity presents non-negligible challenges for firm collaboration and supply chain viability, as information exchange among nodes introduces potential interdependent risks. How to make appropriate decisions on security investments and information exchange modes is a significant issue for supply chain members. Considering two information exchange modes: system interconnection and system independence, this study develops two game models to investigate the cybersecurity investments in a vertical supply chain composed of a retailer and n suppliers. Initial analysis shows that although firms learn investment decisions mutually in the face of a changing cybersecurity environment, suppliers always take a free ride on the efforts of retailer in two cases and the increased interdependent risks will damp nodes enthusiasm for security investments. Next, to compare the two cases, we introduce information exchange efficiency as the mediate parameter to link degree of system interconnection and proportion of information shared. We found that under the system independence mode, firms with high information-exchanging demand in the large-scale supply chain are more motivated to invest in cybersecurity. Furthermore, we extend our models to a centralised decision-making scenario. We find that security investment efficiency is greatly improved, and the free-riding behaviour of supplier is significantly reduced when systems are interconnected.

Keywords:

• Cybersecurity investments
• interdependent security
• system interconnection
• system independence
• supply chain

Data availability statement

Data supporting the findings of this study are available on a reasonable request from the authors.

Disclosure statement

No potential conflict of interest was reported by the author(s).

Correction Statement

This article has been corrected with minor changes. These changes do not impact the academic content of the article.

Notes

1 n = 25 means 25 suppliers. We conservatively estimate that the cost of supplier leakage is $2 million according to the survey of Ponemon Institute 2020. Set s = 1. Other relevant parameters take intermediate values to ensure the accuracy of numerical simulation.

Additional information

Funding

This work was supported by the 100 Youth Research Projects Foundation (Grant No. GDMUD2022012), Doctoral Starting up Foundation of Guangdong Medical university (Grant No. 4SG22225G), Research and Innovation Platform Construction Plan funds of Wuhan College (Grant No. KYP201901), and Outstanding Young and Middle-Aged Scientific and Technological Innovation Team Funds of Hubei Universities (Grant No. T2022056).

Notes on contributors

Lu Xu

Lu Xu is a researcher and assistant professor at Guangdong Medical University for information security management. She earned her doctoral degree and master degree in Management Science and Engineering from Central China Normal University in China. Her research interests include supply chain management, cybersecurity and healthcare information security. Her PhD thesis Information security investment decision-making in the supply chain with security interdependence received excellent doctoral thesis award of Central China Normal University in 2021.

Yanhui Li

Yanhui Li is a professor of information management at Central China Normal University. His main research and work interests include logistics system engineering, supply chain management and e-commerce. His publication list includes around 100 publications, including over 60 papers in international academic journals. He is also an anonymous reviewer of academic journals, such as IJPR, EJOR, OMEGA and TRE.

Yanwei Lin

Yanwei Lin is an associate professor at Guangdong Medical University for information management. She received her PhD in Sun Yat-sen University of China. Her main research interests are cybersecurity, healthcare information management, and statistics and analysis of social health information. She presided over the National Natural Science Foundation of China (NSFC) project and published more than 20 papers in international journals.

Chaofeng Tang

Chaofeng Tang is a researcher and assistant professor at Guangdong Medical University for economics management. He earned his doctoral degree and master degree in graduate school of humanities and social sciences of Saitama University in Japan. His research interests include health economy and big data processing. He published many papers in international journals.

Qi Yao

Qi Yao is an associate professor of Business School at Wuhan College in China. Her research interests include supply chain management and transportation optimisation. She guided students to participate in innovation and entrepreneurship competition, and won the honorary title of excellent instructor.