Cyber Risk in Supply Chains: Strategic Interactions and Optimal Coordination

Published Online: https://doi.org/10.1287/deca.2024.0314

References

  • Bagchi A, Bandyopadhyay T (2018) Role of intelligence inputs in defending against cyber warfare and cyber terrorism. Decision Anal. (Oxford) 15(3):133–194.
  • Bandyopadhyay T, Jacob V, Raghunathan S (2010) Information security in networked supply chains: Impact of network vulnerability and supply chain integration on incentives to invest. Inform. Tech. Management 11(1):7–23.
  • Baryshnikov Y (2012) IT security investment and Gordon-Loeb’s 1/e Rule. Proc. 11th Workshop Econom. Inform. Security (WEIS) (Berlin).
  • Chen Z, Du WB, Cao XB, Zhou XL (2015) Cascading failure of interdependent networks with different coupling preference under targeted attack. Chaos Solitons Fractals 80:7–12.
  • CISA (2020) Advanced persistent threat compromise of government agencies, critical infrastructure, and private sector organizations. Accessed January 23, 2026, https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-352a.
  • Couce-Vieira A, Insua DR, Kosgodagan A (2020) Assessing and forecasting cybersecurity impacts. Decision Anal. (Oxford) 17(4):356–374.
  • ENISA (2020) Data breach: ENISA threat landscape. Accessed March 22, 2024, http://www.enisa.europa.eu/.
  • Gal-Or E, Ghose A (2005) The economic incentives for sharing security information. Inform. Systems Res. 16(2):186–208.
  • Gordon LA, Loeb MP (2002) The economics of cybersecurity investment. ACM Trans. Inform. System Security 5:438–457.
  • Gordon LA, Loeb M, Lucyshyn W (2003) Sharing information on computer systems security: An economic analysis. J. Accounting Public Policy 22(6):461–485.
  • Gordon LA, Loeb MP, Lucyshyn W, Zhou L (2015) Increasing cybersecurity investments in private sector firms. J. Cybersecur. 1:3–17.
  • Grean M, Shaw MJ (2002) Supply-chain partnership between P&G and Wal-Mart. Shaw MJ, ed. E-Business Management: Integration of Web Technologies with Business Models (Kluwer Academic Publishers, Norwell, MA), 155–171.
  • Hausken K (2006) Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability. Inform. Systems Frontiers 5(8).
  • Hua J, Bapna S (2013) The economic impact of cyber terrorism. J. Strategic Inform. Systems 22(2):175–186.
  • Insua DR, Couce-Vieira A, Rubio JA, Pieters W, Labunets K, Rasines DG (2021) An adversarial risk analysis framework for cybersecurity. Risk Anal. (Oxford) 41(1):16–36.
  • Jeong CY, Lee SYT, Lim JH (2019) Information security breaches and IT security investments: Impacts on competitors. Inform. Management 56:681–695.
  • Lee J, Palekar US, Qualls W (2011) Supply chain efficiency and security: Coordination for collaborative investment in technology. Eur. J. Oper. Res. 210(3):568–578.
  • LeLarge M (2012) Coordination in network security games: A monotone comparative statics approach. IEEE J. Selected Areas Comm. 30:2210–2219.
  • Li X (2021) Decision making of optimal investment in information security for complementary enterprises based on game theory. Tech. Anal. Strategic Management 33(7):755–769.
  • Li X, Xue Q (2021) An economic analysis of information security investment decision making for substitutable enterprises. Managerial Decision Econom., ePub ahead of print February 16, https://doi.org/10.1002/mde.3310.
  • Lowry PB, Dinev T, Willison R (2017) Why security and privacy research lies at the centre of the information systems (IS) artefact: Proposing a bold research agenda. Eur. J. Inform. Systems 26:546–563.
  • Mandiant (2020) Highly evasive attacker leverages SolarWinds supply chain. Accessed January 23, 2026, https://cloud.google.com/blog/topics/threat-intelligence/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.
  • Nagurney A, Shukla S (2017) Multifirm models of cybersecurity investment competition vs. cooperation and network vulnerability. Eur. J. Oper. Res. 260(2):588–600.
  • Paul JA, Zhang M (2020) Decision support model for cybersecurity risk planning: A two-stage stochastic programming framework featuring firms, government and attacker. Eur. J. Oper. Res. 291(1):349–364.
  • Peng H, Zhao D, Han J, Lu J (2015) Invulnerability of grown peer-to-peer networks under progressive targeted attacks. Phys. A Statist. Mech. Its Appl. 428:60–67.
  • Ponemon Institute (2019) Cost of a data breach report 2019. https://insights.integrity360.com/hubfs/2019-cost-of-a-data-breach-report-04_03025203USEN.pdf.
  • Png IPL, Wang Q-H (2009) Information security: Facilitating user precautions vis-a-vis enforcement against attackers. J. Management Inform. Systems 26(2):97–121.
  • Qian X, Liu X, Pei J, Pardalos PM, Liu L (2017) A game-theoretic analysis of information security investment for multiple firms in a network. J. Oper. Res. Soc. 68(10):1290–1305.
  • Rakes TR, Deane JK, Rees PL (2012) IT security planning under uncertainty for high-impact events. Omega (Westport) 40(1):79–88.
  • Rees LP, Deane JK, Rakes TR, Baker WH (2011) Decision support for cybersecurity risk planning. Decision Support Systems 51(3):493–505.
  • Sanger DE, Perlroth N, Barnes JE (2020) Scope of Russian hack becomes clear: Multiple U.S. agencies were hit. Accessed January 23, 2026, https://www.nytimes.com/2020/12/14/us/politics/russia-hack-nsa-homeland-security-pentagon.html.
  • Simon J, Omar A (2020) Cybersecurity investments in the supply chain: Coordination and a strategic attacker. Eur. J. Oper. Res. 282(1):161–171.
  • Tang CS (2006) Perspectives in supply chain risk management. Internat. J. Production Econom. 103:451–488.
  • Wu Y, Feng GZ, Wang NM, Liang HG (2015) Game of information security investment: Impact of attack types and network vulnerability. Expert Systems Appl. 42:6132–6146.
  • Wu Y, Duan J, Dai T, Cheng D (2020) Managing security outsourcing in the presence of strategic hackers. Decision Anal. 17(3):235–259.