Cooperative security against interdependent risks

Abstract

Firms in interorganizational networks are exposed to interdependent risks that are transferable across partner firms, such as contamination in food supply chains or data breaches in technology networks. They can be decomposed into intrinsic risks a firm faces from its own operations and extrinsic risks transferred from its partners. Firms have access to two security strategies: either they can independently eliminate both intrinsic and extrinsic risks by securing their links with partners or, alternatively, firms can cooperate with partners to eliminate sources of intrinsic risk in the network. We develop a graph-theoretic model of interdependent security and demonstrate that the network-optimal security strategy can be computed in polynomial time. Then, we use cooperative game-theoretic tools to examine, under different informational assumptions, whether firms can sustain the network-optimal security strategy via suitable cost-sharing mechanisms. We design a novel cost-sharing mechanism: a restricted variant of the well-known Shapley value, the agreeable allocation, that is easy to compute, bilaterally implementable, ensures stability, and is fair. However, the agreeable allocation need not always exist. Interestingly, we find that in networks with homogeneous cost parameters, the presence of locally dense clusters of connected firms precludes the existence of the agreeable allocation, while the absence of sufficiently dense clusters (formally, k-cores) guarantees its existence. Finally, using the SDC Platinum database, we consider all interfirm alliances formed in the food manufacturing sector from 2006 to 2020. Then, with simulated cost parameters, we examine the practical feasibility of identifying bilaterally implementable security cost-sharing arrangements in these alliances.