B2B firms couple their business processes for better efficiency. Integrated Business processes require that the firms’ networks be interconnected. This practice enables breach incidence to travel from one firm to another, making the IT security risks of the firms strategically interdependent. The present practice of multilayered defense against IT breaches resembles stage-gates, bringing operational interdependency between the successive layers of defense in a B2B firm. Such inter-firm and inter-layer interdependences in B2B relationship ultimately results in complex decision scenarios in the IT security regime. We propose a comprehensive game theoretic model to capture the above complex, intertwined interdependencies of IT security risk in B2B firms. We also provide some initial results to explain the B2B firms’ incentive to invest in IT security.
Bandyopadhyay, Tridib, "A Model for B2B IT Security: Multilayer Defense Facing Interdependent Cyber Risk" (2011). SAIS 2011 Proceedings. 32.