Cybersecurity presents a monumental challenge for interconnected supply chains, as an attack on one node can compromise an entire business. In this paper, we propose a game theory model to investigate cybersecurity investments with third-party risk propagation in a two-echelon supply chain consisting of one retailer and n suppliers. The optimal investments and their responses to relevant security characteristics, such as intrinsic vulnerability, propagation probability, number of suppliers, and attack probability, are analysed and discussed both theoretically and numerically considering one-st...