Title: Interdependent risk networks: the threat of cyber attack

Authors: Annette Hofmann; Hidajet Ramaj

Addresses: Institute for Risk and Insurance, University of Hamburg, Von-Melle-Park 5, 20146 Hamburg, Germany. ' Institute of Entrepreneurial Studies and Innovation Management, Humboldt-Universitaet zu Berlin, Dorotheenstrasse 1, 10117 Berlin, Germany

Abstract: This article presents an economic model that explicitly reflects the interdependent risk structure of a cyber network. We find that due to this interdependent risk structure, the level of cyber risk protection in the community is inefficient from the community|s overall viewpoint. The analysis further suggests that decision processes should take into account the interdependent risk structure of the underlying internet-based network. Therefore, an organisation that invests in comprehensive cyber risk protection should be rewarded by other organisations for the benefits (in the form of lower exposure risk) that it has brought to the network. Another promising way to improve protection is to subsidise high-exposure organisations. It is also important that states implement laws to prevent cyber attacks and to protect organisations. Formal contractual agreements between different organisations specifying their data and information exchange and other interactions may also prove a promising strategy. A successful agreement may involve using rewards as coordinative mechanisms; for instance, in using non-monetary web certificates. Finally, the development of international standards for tracking and tracing technologies is essential in order to improve cyber safety.

Keywords: cyber risks; cyber attacks; cyber networks; risk protection; cyber security; economic models; interdependencies; interdependent risks; information networks; positive externalities; public goods; interdependent networks; risk networks; interdependent structures; decision processes; benefits; rewards; lower exposure risk; subsidies; high-exposure organisations; laws; legislation; contractual agreements; contracts; data exchange; information exchange; interactions; coordinative mechanisms; non-monetary web certificates; international standards; technology tracking; technology tracing; cyber safety; management; decision making; cyber harassment; corporations; internet; world wide web.

DOI: 10.1504/IJMDM.2011.043406

International Journal of Management and Decision Making, 2011 Vol.11 No.5/6, pp.312 - 323

Available online: 27 Oct 2011 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article