Download This PaperCybersecurity Risk through the Supply Chain: Evidence from Relationship-Specific Investment
46 Pages Posted: 14 Jan 2025
Date Written: October 21, 2020
Abstract
The research problem
This study examines how suppliers adjust their relationship-specific investment (RSI) in response to unexpected cybersecurity attacks affecting their major customers.
Motivation or theoretical reasoning
Major customers play a pivotal role for many firms, often fostering enduring trading relationships with suppliers, especially in the U.S. Strong ties with these customers can offer a competitive advantage. However, these relationships frequently require investments that hold value primarily within the partnership. As cyberattacks grow more prevalent, cybersecurity has become an urgent concern. Our initial analysis indicates that when a customer experiences a cyberattack, their sales growth declines by around 8%, while suppliers face an approximate 12% drop. Understanding the impact of cyberattacks on RSI with major customers is therefore essential.
The test hypotheses
Hypothesis 1: Suppliers reduce RSI following a cyberattack affecting their customer firms.
Hypothesis 2: Suppliers facing higher financial distress risk experience a larger reduction in RSI compared to those with lower risk.
Hypothesis 3: Suppliers with higher investments in information technology and cybersecurity experience a smaller reduction in RSI compared to those with lower investment levels.
Target population
This study focuses on supplier firms that have at least one customer who has experienced a data breach.
Adopted methodology
Ordinary least square regression models.
Analyses
The annual transaction-weighted R&D intensity for each customer–supplier pair serves as a proxy for suppliers’ RSI, with weights representing the significance of each customer to the supplier. The independent variable is an indicator set to one for customer firms affected by a cyberattack post-incident, and zero for customers prior to the attack as well as unaffected customer firms.
Findings
The study finds that firms significantly decrease their RSI after a customer data breach. Further analysis shows that this reduction is more pronounced among suppliers at greater financial risk. However, a substantial investment in information technology and cybersecurity mitigates the negative impact, highlighting the importance of robust risk management practices in sustaining product–market relationships.
Suggested Citation: Suggested Citation
Do, Trung K. and Huang, Henry Hongren and Le, Anh-Tuan, Cybersecurity Risk through the Supply Chain: Evidence from Relationship-Specific Investment (October 21, 2020). Available at SSRN: https://ssrn.com/abstract=5073044 or http://dx.doi.org/10.2139/ssrn.5073044
Feedback
Feedback to SSRN