Abstract

Cybersecurity is an essential requirement for the sustainability of global supply chains. In this paper, a stochastic programming formulation is presented for optimisation of cybersecurity investment and selection of security controls to mitigate and balance the impact of direct and indirect (propagated) cyber risks in a multi-tier supply chain. Using a network transformation combined with the first-order Taylor series approximation of the natural logarithm to linearise the nonlinear constraints, a nonlinear stochastic combinatorial optimisation model is approximated by its linear equivalent. The problem objective is to determine an optimal cybersecurity investment under a limited budget and a portfolio of security controls for each supply chain node to balance cybersecurity over the entire supply chain. The minmax objective functions are applied to minimise either the maximum breach probability or the maximum loss of supply chain nodes. Alternatively, maxmin objectives are used to maximise either the minimum non-breach probability or the minimum saving of loss. The proposed integrated modelling approach is illustrated with the results of a computational study, and a comparison of approximated and exact solution values is presented. Decision-making insights are provided and discussed.
