Cooperative Security Against Interdependent Risks

Firms in inter-organizational networks such as supply chains or strategic alliances are exposed to interdependent risks. Interdependent risks are risks that are transferable across partner firms, such as contamination in food supply chains or data breaches in technology networks. They can be decomposed into intrinsic risks a firm faces from its own operations and extrinsic risks transferred from its partners. Firms broadly have access to two security strategies: either they can independently eliminate both intrinsic and extrinsic risks by securing their links with partners, or alternatively, firms can cooperate with partners to eliminate sources of intrinsic risk in the network. First, we develop a graph-theoretic model of interdependent risk and demonstrate that the network-optimal security strategy can be computed in polynomial time via a weighted min-cut network flow algorithm. Then, we use cooperative game-theoretic tools to examine whether and when firms can sustain the network-optimal security strategy via cost-sharing mechanisms that are stable, fair, computable, and implementable via a series of bilateral cost-sharing arrangements. By analyzing commonly employed allocation mechanisms, we uncover a trilemma, that is, it is, in general, challenging to identify cost-sharing mechanisms that are stable, fair, and implementable. We then design a novel cost-sharing mechanism: a restricted variant of the well-known Shapley value, the agreeable allocation, that is easy to compute, bilaterally implementable, belongs to the core, and is fair in a well-defined sense. However, the agreeable allocation need not always exist. Interestingly, we find that in networks with homogeneous cost parameters, the presence of locally dense clusters of connected firms precludes the existence of the agreeable allocation, while the absence of sufficiently dense clusters guarantees its existence.