Cyber Supply Chain Risk Management: Toward an Understanding of the Antecedents to the Demand for Assurance
Hampton, C., S.G. Sutton, V. Arnold, and D. Khazanchi, Cyber Supply Chain Risk Management: Toward an Understanding of the Antecedents to the Demand for Assurance. Journal of Information Systems, Forthcoming, https://doi.org/10.2308/ISYS-19-050
Posted: 23 Oct 2020
Date Written: October 1, 2020
Abstract
Recognizing the need for effective cyber risk management processes across the supply chain, the AICPA issued a new SOC in March 2020 for assuring cyber supply chain risk management (C-SCRM) processes. This study examines supply chain relationship factors and cyber risk issues to better understand the demand for C-SCRM assurance. Resource Advantage Theory of Competition provides the conceptual foundation for assessing the dual drivers of relationship building and cyber risk management on demand for assurance. We use a field survey to collect data from 205 professionals enabling evaluation of the complex relationships in the theoretical model. Results support all hypotheses, provide satisfactory model fit, and support the underlying theory. Trust, power imbalances and cyber supply chain risk all positively influence the demand for assurance over C-SCRM processes, suggesting assurance is a desirable process for addressing the three greatest inhibitors of collaborative supply chain relationships. Two new constructs are also introduced in the research — a complex 49 item measure for assessing cyber supply chain risk across the technical, operational and strategic levels, along with a more traditional multi-item construct for assessing the a priori demand for assurance. This study expands the literature on cyber assurance by auditors and elaborates on overall supply chain processes that help drive value from auditors providing such assurance.
Keywords: Cyber Risk Management, Supply Chain Risk Management, Cyber Supply Chain Risk Management, Cyber Assurance, Voluntary Assurance, SOC Reports
JEL Classification: M41, M42
Suggested Citation: Suggested Citation