E-commerce supply chains with considerations of cyber-security: Should governments play a role?
成果类型:
Article
署名作者:
Luo, Suyuan; Choi, Tsan-Ming
署名单位:
Shenzhen University; National Taiwan University
刊物名称:
PRODUCTION AND OPERATIONS MANAGEMENT
ISSN/ISSBN:
1059-1478
DOI:
10.1111/poms.13666
发表日期:
2022
页码:
2107-2126
关键词:
blockchain technologies
cyber-security
e-commerce supply chains
GOVERNMENT
social welfare
摘要:
E-commerce supply chains and their members face risks from cyber-attacks. Consumers who purchase goods online also risk having their private information stolen. Thus, businesses are investing to improve cyber-security at a nontrivial cost. In this paper, we conduct a Stackelberg game-theoretical analysis. In the basic model, we first derive the equilibrium pricing and cyber-security level decisions in the e-commerce supply chain. Based on real-world practices, we then explore whether governments should impose cyber-security penalty schemes. Our findings show that when the government is characterized by having sufficiently high emphasis on consumer surplus, implementing the penalty scheme is beneficial to social welfare. Then, we extend the analysis to examine how adopting systems security enhancing technologies (such as blockchain) will affect the government's choice of imposing penalty. We uncover that when it is beneficial to have government's penalty scheme, the technology benefit-to-cost ratio is a critical factor that governs whether the optimal penalty will be lower or higher with the adoption of systems security enhancing technologies. To generate more insights, we conduct further analyses for various extended modeling cases (e.g., with alliance, competition, and the defense-level dependent penalty scheme) and find that our main results remain robust. One important insight we have uncovered in this study is that imposing government penalty schemes on cyber-security issues may do more harm than good; while once it is beneficial to implement, the government should charge the heaviest possible fine. This finding may explain why in the real world, governments basically always adopt a polarized strategy, that is, either do not impose penalty or impose a super heavy penalty, on cyber-security issues.