
The Role of Supply Chain Resilience on IT and cyber Disruptions

  • Conference paper
Network, Smart and Open

Abstract

This study considers two major sources of disruption for modern supply chains: IT and cyber risks. Because they may significantly affect companies' business continuity, service quality, investor confidence and reputation, more effective solutions are needed. We conducted an empirical study whose unit of analysis is the supply chains of fifteen European companies, leaders in their industry. The findings show a misalignment of awareness between IT and SC managers toward these sources of disruption and the need to enhance the traditional Supply Chain Risk Management process. We propose a framework that may improve the management of these unpredictable, high-consequence supply chain risks through one key element: resilience.




Correspondence to Giorgia Giusi Siciliano.


© 2018 Springer International Publishing AG


Cite this paper

Siciliano, G.G., Gaudenzi, B. (2018). The Role of Supply Chain Resilience on IT and cyber Disruptions. In: Lamboglia, R., Cardoni, A., Dameri, R., Mancini, D. (eds) Network, Smart and Open. Lecture Notes in Information Systems and Organisation, vol 24. Springer, Cham. https://doi.org/10.1007/978-3-319-62636-9_4
