Security Decisions in a Networked Supply Chain with Integration

  • Han-yue Zhang
  • Jing XieEmail author
Conference paper


Communication network provides an important premise for the development of supply chain integration, but also brings more and more severe information security risks. Thus, the information security of each firm depends both on the firm’s own investment, as well as on the strategies of security made by supply chain firms. Using game theory model, this paper discusses the investment on security and sharing of the security information of the supply chain firms. Particularly, we analyze the impact of supply chain’s integration, and inherent vulnerability of network on firms’ security strategies. The results show that if a firm increases the investment on security, the other firm tends to free-riding. In addition, compared with the joint decision-making of firms, they will have less security investment when making decisions separately. Hence, firms should better form an information-sharing alliance to coordinate their security decisions.


Security information sharing Security investment Integration degree 


  1. 1.
    T. Bandyopadhyay, V. Jacob, S. Raghunathan, Information security in networked supply chains: impact of network vulnerability and supply chain integration on incentives to invest. Inf. Technol. Manag. 11(1), 7–23 (2010)CrossRefGoogle Scholar
  2. 2.
    R. Anderson, Why cryptosystems fail, in Proceedings of the 1st ACM Conference on Computer and Communications Security, New York, USA, pp. 215–227, 1993Google Scholar
  3. 3.
    R. Anderson, T. Moore, The economics of information security. Science 314(5799), 610–613 (2006)CrossRefGoogle Scholar
  4. 4.
    L. Gordon, M. Loeb, W. Lucyshyn, Sharing information on computer systems security: an economic analysis. J. Account. Public Policy 22(6), 461–485 (2003)CrossRefGoogle Scholar
  5. 5.
    M.H.R. Khouzani, V. Pham, C. Cid, Strategic discovery and sharing of vulnerabilities in competitive environments, in International Conference on Decision and Game Theory for Security. Springer International Publishing, pp. 59–78 (2014)Google Scholar
  6. 6.
    H. Varian, System reliability and free riding. Econ. Inf. Secur. 2(5799), 1–15 (2004)Google Scholar
  7. 7.
    L. Gordon, M. Loeb, The economics of information security investment. ACM Trans. Inf. Syst. Secur. 5(4), 438–457 (2002)CrossRefGoogle Scholar
  8. 8.
    W. Novshek, H. Sonnenschein, Fulfilled expectations in Cournot duopoly with information acquisition and release. Bell J. Econ. 13(1), 214–218 (1982)CrossRefGoogle Scholar
  9. 9.
    D. Fried, Incentives for information production and disclosure in a duopolistic environment. Q. J. Econ. 99(2), 367–381 (1984)CrossRefGoogle Scholar
  10. 10.
    E. Gal-Or, Information sharing in oligopoly. Econometrica 53(2), 329–343 (1985)CrossRefGoogle Scholar
  11. 11.
    E. Gal-Or, A. Ghose, The economic incentives for sharing security information. Inf. Syst. Res. 16(2), 186–208 (2005)CrossRefGoogle Scholar
  12. 12.
    D. Liu, Y. Ji, V. Mookerjee, Knowledge sharing and investment decisions in information security. Decis. Support Syst. 52, 95–107 (2011)CrossRefGoogle Scholar
  13. 13.
    H. Ogut, N. Menon, S. Raghunathan, Cyber insurance and IT security investment: impact of interdependent risk, in Proceedings of Weis’, 2005Google Scholar
  14. 14.
    H. Kunreuther, G. Heal, Interdependent security. J. Risk Uncertain. 26(2–3), 231–249 (2003)CrossRefGoogle Scholar
  15. 15.
    K. Hausken, Income, interdependence, and substitution effects affecting incentives for security investment. J. Account. Public Policy 25(6), 629–665 (2006)CrossRefGoogle Scholar
  16. 16.
    X. Gao, W. Zhong, S. Mei, Security investment and information sharing under an alternative security breach probability function. Inf. Syst. Front. 17(2), 423–438 (2013)CrossRefGoogle Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. 1.College of Management and EconomicsTianjin UniversityTianjinChina

Personalised recommendations