A supply chain game theory framework for cybersecurity investments under network vulnerability

Abstract

In this paper, we develop a supply chain game theory framework consisting of retailers and consumers who engage in electronic transactions via the Internet and, hence, may be susceptible to cyberattacks. The retailers compete noncooperatively in order to maximize their expected profits by determining their optimal product transactions as well as cybersecurity investments in the presence of network vulnerability. The consumers reveal their preferences via the demand price functions, which depend on the product demands and on the average level of security in the supply chain network.We prove that the governing Nash equilibrium conditions of this model can be formulated as a variational inequality problem, provide qualitative properties of the equilibrium product transaction and security investment pattern, and propose an algorithm with nice features for implementation. The algorithm is then applied to two sets of numerical examples that reveal the impacts on the equilibrium product transactions, the security levels, the product prices, the expected profits, and the retailer vulnerability as well as the supply chain network vulnerability, of such issues as: increased competition, changes in the demand price functions, and changes in the security investment cost functions.