E‐commerce supply chains with considerations of cyber‐security: Should governments play a role?

Abstract E‐commerce supply chains and their members face risks from cyber‐attacks. Consumers who purchase goods online also risk having their private information stolen. Thus, businesses are investing to improve cyber‐security at a nontrivial cost. In this paper, we conduct a Stackelberg game‐theoretical analysis. In the basic model, we first derive the equilibrium pricing and cyber‐security level decisions in the e‐commerce supply chain. Based on real‐world practices, we then explore whether governments should impose cyber‐security penalty schemes. Our findings show that when the government is characterized by having sufficiently high emphasis on consumer surplus, implementing the penalty scheme is beneficial to social welfare. Then, we extend the analysis to examine how adopting systems security enhancing technologies (such as blockchain) will affect the government's choice of imposing penalty. We uncover that when it is beneficial to have government's penalty scheme, the technology benefit‐to‐cost ratio is a critical factor that governs whether the optimal penalty will be lower or higher with the adoption of systems security enhancing technologies. To generate more insights, we conduct further analyses for various extended modeling cases (e.g., with alliance, competition, and the defense‐level dependent penalty scheme) and find that our main results remain robust. One important insight we have uncovered in this study is that imposing government penalty schemes on cyber‐security issues may do more harm than good; while once it is beneficial to implement, the government should charge the heaviest possible fine. This finding may explain why in the real world, governments basically always adopt a polarized strategy, that is, either do not impose penalty or impose a super heavy penalty, on cyber‐security issues.