Managing Cyber Risk in Supply Chains: A Review and Research Agenda

Ghadge, A., Weiß, M., Caldwell, N. and Wilding, R. (2019), "Managing cyber risk in supply chains: a review and research agenda", Supply Chain Management: An International Journal, Vol. 25 No. 2, pp. 223-240.

18 Pages Posted: 25 Jul 2019 Last revised: 24 Apr 2020

See all articles by Abhijeet Ghadge

Abhijeet Ghadge

Cranfield University - School of Management

Maximillian Weib

Heriot-Watt University - School of Social Sciences

Nigel Caldwell

Heriot-Watt University

Richard L Wilding

Cranfield University - Logistics and Supply Chain Management

Date Written: November 17, 2019

Abstract


Purpose: Despite growing research interest in cyber security, inter-firm based cyber risk studies are rare. Therefore, this study investigates cyber risk management in supply chain contexts.

Methodology: Adapting a systematic literature review process, papers from interdisciplinary areas published between 1990 and 2017 were selected. Different typologies, developed for conducting descriptive and thematic analysis were established using data mining techniques to conduct a comprehensive, replicable and transparent review.

Findings: The review identifies multiple future research directions for cyber security/resilience in supply chains. A conceptual model is developed, which indicates a strong link between IT, organisational and supply chain security systems. The human/behavioural elements within cyber security risk are found to be critical; however, behavioural risks have attracted less attention due to a perceived bias towards technical (data, application and network) risks. There is a need for raising risk awareness, standardised policies, collaborative strategies and empirical models for creating supply chain cyber-resilience.

Research implications: Different type of cyber risks and their points of penetration, propagation levels, consequences and mitigation measures are identified. The conceptual model developed in this study drives an agenda for future research on supply chain cyber security/resilience.

Practical implications: A multi-perspective, systematic study provides a holistic guide for practitioners in understanding cyber-physical systems. The cyber risk challenges and the mitigation strategies identified support supply chain managers in making informed decisions.

Originality: This is the first systematic literature review on managing cyber risks in supply chains. The review defines supply chain cyber risk and develops a conceptual model for supply chain cyber security systems and an agenda for future studies.

Keywords: Cyber risks, Cybersecurity, Cyber-attacks, Cyber resilience, Supply chain risk management, Supply chain resilience, Systematic literature review, Text mining

Suggested Citation

Ghadge, Abhijeet and Weib, Maximillian and Caldwell, Nigel and Wilding, Richard L, Managing Cyber Risk in Supply Chains: A Review and Research Agenda (November 17, 2019). Ghadge, A., Weiß, M., Caldwell, N. and Wilding, R. (2019), "Managing cyber risk in supply chains: a review and research agenda", Supply Chain Management: An International Journal, Vol. 25 No. 2, pp. 223-240., Available at SSRN: https://ssrn.com/abstract=3426030 or http://dx.doi.org/10.2139/ssrn.3426030

Abhijeet Ghadge (Contact Author)

Cranfield University - School of Management ( email )

Bedfordshire, MK43 0AL
United Kingdom

Maximillian Weib

Heriot-Watt University - School of Social Sciences ( email )

Edinburgh, Scotland EH14 4AS
United Kingdom

Nigel Caldwell

Heriot-Watt University ( email )

Riccarton
Edinburgh EH14 4AS, Scotland EH14 1AS
United Kingdom

Richard L Wilding

Cranfield University - Logistics and Supply Chain Management ( email )

United Kingdom

Here is the Coronavirus
related research on SSRN

Paper statistics

Downloads
163
Abstract Views
854
rank
201,351
PlumX Metrics