Abstract
This study considers two major sources of disruption for modern supply chains: IT and cyber risks. Because they may significantly affect the business continuity, service quality, investor confidence and reputation of companies, more effective solutions are needed. We conducted an empirical study whose unit of analysis was the supply chains of fifteen European companies, each a leader in its industry. The findings show a misalignment of awareness between IT and supply chain (SC) managers regarding these sources of disruption, and a need to enhance the traditional Supply Chain Risk Management process. We propose a framework that may improve the management of these unpredictable, high-consequence supply chain risks through one key element: resilience.
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Siciliano, G.G., Gaudenzi, B. (2018). The Role of Supply Chain Resilience on IT and cyber Disruptions. In: Lamboglia, R., Cardoni, A., Dameri, R., Mancini, D. (eds) Network, Smart and Open. Lecture Notes in Information Systems and Organisation, vol 24. Springer, Cham. https://doi.org/10.1007/978-3-319-62636-9_4
DOI: https://doi.org/10.1007/978-3-319-62636-9_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-62635-2
Online ISBN: 978-3-319-62636-9
eBook Packages: Business and Management, Business and Management (R0)