Cooperative Security Against Interdependent Risks

Firms in inter-organizational networks such as supply chains or strategic alliances are exposed to interdependent risks. These are risks that are transferable across partner firms. They can be decomposed into intrinsic risks a firm faces from its own operations and extrinsic risks transferred from its partners. Firms broadly have access to two security strategies: either they can independently eliminate both intrinsic and extrinsic risks by securing their links with partners, or alternatively, firms can cooperate with partners to eliminate sources of intrinsic risk in the network. We develop a graph-theoretic model of interdependent security and demonstrate that the network-optimal security strategy can be computed in polynomial time. Then, we use cooperative game-theoretic tools to examine whether and when firms can sustain the network-optimal security strategy via cost-sharing mechanisms that are stable, fair, computable, and implementable via a series of bilateral cost-sharing arrangements. We consider different informational assumptions in the network and show that, when the players know only their own costs, firms have a clear incentive to cooperate globally whereas, in the presence of public information, there may not exist cost-sharing mechanisms that can sustain network-wide cooperation. We then design a novel cost-sharing mechanism: the agreeable allocation, that is easy to compute, bilaterally implementable, ensures stability, and is fair in a well-defined sense. However, the agreeable allocation need not always exist. We then generalize levels of agreeable allocation, with weaker implementability properties but greater existence guarantees.