Interdependent risk networks: the threat of cyber attack

This article presents an economic model that explicitly reflects the interdependent risk structure of a cyber network. We find that due to this interdependent risk structure, the level of cyber risk protection in the community is inefficient from the community's overall viewpoint. The analysis further suggests that decision processes should take into account the interdependent risk structure of the underlying internet‐based network. Therefore, an organisation that invests in comprehensive cyber risk protection should be rewarded by other organisations for the benefits (in the form of lower exposure risk) that it has brought to the network. Another promising way to improve protection is to subsidise high‐exposure organisations. It is also important that states implement laws to prevent cyber attacks and to protect organisations. Formal contractual agreements between different organisations specifying their data and information exchange and other interactions may also prove a promising strategy. A successful agreement may involve using rewards as coordinative mechanisms; for instance, in using non‐monetary web certificates. Finally, the development of international standards for tracking and tracing technologies is essential in order to improve cyber safety.