Interdependencies within an Organization

The World Trade Center terrorist attacks of September 11 th have stimulated us to think about the challenges organizations face in dealing with low-probability events that have catastrophic consequences. More specifically, there are certain bad events that can only occur once. Death is the clearest example: an individual's death is irreversible and unrepeatable. With respect to firm behavior, bankruptcy is the obvious analog. This paper develops a framework for addressing the issue of interdependent security (i.e. when the protective decisions by one division affects the risks faced by others) and its relationship to catastrophic losses within an organization. We show that when failure to take actions by any division can bankrupt the entire firm, the economic incentive for any division in an organization to invest in risk-reduction measures depends on how it expects the other divisions to behave in this respect. For this class of problems there may be situations where no one invests in safety measures, even though everyone would be better off if each division had incurred this cost. To encourage the adoption of security measures in these situations one needs to turn to institutional coordinating mechanisms and/or public-private partnerships. The paper focuses on two such approaches: (1) how a firm encourage its divisions to invest in protection through internal rules and (2) the role that government regulations coupled with third party inspections and insurance play in encouraging investment in protection. The concluding section explores areas for future theoretical and empirical research in interdependent security.