Cyber security risks in globalized supply chains: conceptual framework

2020 ◽  
Vol 13 (1) ◽  
pp. 103-128 ◽  
Author(s):  
Shipra Pandey ◽  
Rajesh Kumar Singh ◽  
Angappa Gunasekaran ◽  
Anjali Kaushik

Purpose The purpose of this study is to examine cyber security risks in globalized supply chains (SCs). It has been seen to have a greater impact on the performance of SCs. The information and communication technology of a firm, which enhances the efficiency and effectiveness in the SC, could simultaneously be the cause of vulnerabilities and exposure to security threats. Researchers have primarily focussed on the cyber-physical system (CPS) vulnerabilities impacting SC. This paper tries to categorize the cyber security risks occurring because of the SCs operating in CPS. Design/methodology/approach Based on the flow of information along the upstream and downstream SC, this paper tries to identify cyber security risks in the global SCs. It has further tried to categorize these cyber security risks from a strategic point of view. Findings This paper tries to identify the various cyber security risks and cyber-attacks in globalized SC for improving the performance. The 16 cyber security risks have been categorized into three categories, namely, supply risk, operational risk and demand risk. The paper proposes a framework consisting of different cyber-attacks across the information that flows in global SCs along with suitable mitigation strategies. Research limitations/implications The paper presents the conceptual model of cyber security risks and cyber-attacks in globalized SCs based on literature review and industry experts. Further validation and scale development of these risks can be done through empirical study. Practical implications This paper provides significant managerial insights by developing a framework for understanding the cyber security risks in terms of the drivers of these risks and how to deal with them. From a managerial perspective, this framework can be used as a decision-making process while considering different cyber security risks across the stages of globalized SCs.
Originality/value The major contribution of this study is the identification and categorization of cyber security risks across the global SCs in the digital age. Thus, this paper introduces a new phenomenon to the field of management that has the potential to investigate new areas of future research. Based on the categorization, the paper provides insights on how cyber security risks impact the continuity of SC operations.

2016 ◽  
Vol 27 (2) ◽  
pp. 418-437 ◽  
Author(s):  
Luca Urciuoli ◽  
Juha Hintsa

Purpose – Supply chain stakeholders may perceive security risks differently and thereby misalign mitigation strategies, hence causing weak spots in supply chains and thereby disruptions. The purpose of this paper is to determine whether supply chain companies actually perceive security risks and effectiveness of mitigation strategies differently. Design/methodology/approach – Two survey studies measuring perception of security risks and effectiveness of measures have been developed and used to collect data from European and Latin American companies, grouped as cargo owners and logistics companies. Findings – The findings of the surveys unveil that only two (out of six) security risks, namely, violation of customs non-fiscal regulations and illegal immigration, show significant differences between the two groups of companies. In addition, the surveys show that companies perceive equally the effectiveness of security measures. This study concludes that supply chains seem to have good visibility over the security risks of their partners. Hence, in terms of security, supply chain companies seem to have achieved a common understanding of risks and furthermore are able to act jointly to secure assets and operations. Originality/value – Previous research claims supply chain stakeholders may perceive risks differently and thereby may fail to correctly align mitigation strategies. Yet, to the authors' knowledge, previous research has not empirically demonstrated these differences in perceptions of risks and mitigation strategies.


2019 ◽  
Vol 17 (2) ◽  
pp. 173-211 ◽  
Author(s):  
Vishnu C.R. ◽  
R. Sridharan ◽  
Angappa Gunasekaran ◽  
P.N. Ram Kumar

Purpose The purpose of this paper is to investigate the distinction and relationships between the significant strategic capabilities for managing risks in supply chains. This intersectional review exposes a substantial conceptual contradiction between the perspectives reported by various researchers. Further, the current paper classifies the literature into four categories according to the broad objectives investigated by the research papers. Design/methodology/approach Initially, a bibliometric analysis aligned with the concepts of a systematic literature review is conducted followed by a descriptive review focusing on models and methods. The software called BibExcel is utilized to extract and analyze the bibliographic information in a textual form from the research articles associated with strategic capabilities of the logistics sector. The results are exported to the software known as Gephi to visualize keyword co-occurrence analysis as networks. A well-structured descriptive review is also conducted to identify avenues for future research. Findings Despite conventional supply chain capabilities like efficiency and effectiveness, eight significant strategic capabilities of supply chains for managing risks are identified from the literature. These capabilities with positive connotations include flexibility, reliability, resilience, robustness, agility, adaptability, alignment and responsiveness. Considering the vast literature on flexibility/reliability along with its numerous dimensions and scope, the authors found that resilience, robustness, agility, adaptability, alignment and effectiveness are achievable through flexibility/reliability. Accordingly, it is appropriate to state reliability and flexibility as supply chain capabilities to achieve the other six supply chain competencies. 
Furthermore, the entire literature in this domain can be classified into four genres according to the addressed objectives, namely, concept development/validation, capability assessment, network design and performance evaluation. Research limitations/implications The information revealed from the keyword co-occurrence analysis along with the research implications provided in the penultimate section will assist budding researchers in framing novel and promising research objectives. Supply chain administrators and policymakers can utilize the literature classification and the notable references provided in this review for locating potential methods for assessing supply chain strategic capabilities, designing the supply chain and evaluating the performance of the supply chain. Originality/value An integrated bibliometric and descriptive literature review procedure is utilized in this paper. Furthermore, this critical review is the first work on comprehensively mapping the research relationships among various strategic capabilities required for mitigating supply chain risks.


2019 ◽  
Vol 10 (3) ◽  
pp. 233-254 ◽  
Author(s):  
Cristian Morosan ◽  
Agnes DeFranco

Purpose Cyber-attacks on hotel information systems could threaten the privacy of consumers and the integrity of the data they exchange upon connecting their mobile devices to hotel networks. As the perceived cyber-security risk may be reflected heterogeneously within the US consumer population traveling internationally, the purpose of this study is to examine such heterogeneity to uncover classes of US consumers based on their perceptions of risk of using tablets for various tasks when staying in hotels abroad. Design/methodology/approach Using data collected from 1,016 US consumers who stayed in hotels abroad, this study used latent profile analysis (LPA) to classify the consumers based on their perceptions of risk associated with several tablet use behaviors in hotels. Findings The analysis uncovered four latent classes and produced a characterization of these classes according to several common behavioral (frequency of travel, the continent of the destination, duration of stay and purpose of travel) and demographic (gender, age, income and education) consumer characteristics. Originality/value Being the first study that classifies consumers based on the risk of using tablets in hotels while traveling internationally, this study brings the following contributions: offers a methodology of classifying (segmenting) consumer markets based on their cyber-security risk perceptions, uses LPA, which provides opportunities for an accurate and generalizable characterization of multivariate data that comprehensively illustrate consumer behavior and broadens the perspective offered by the current literature by focusing on consumers who travel from their US residence location to international destinations.


Author(s):  
Abhilash Panda ◽  
Andrew Bower

Purpose The purpose of this paper is to concentrate on the place of cyber security risk in the framework of global commitments adopted in 2015 to reduce disaster risks in an all-hazards approach. It explores the correlations between traditional risks associated with critical infrastructures – as understood by the Sendai framework – cyber security risks and the cascading effects characteristic of today’s complex and interrelated shocks and stresses. It takes a step further, expanding the focus of traditionally understood technological risks to explore cyber security risks, at the heart of our societies’ digital transformations, and showcase opportunities from the European context. Design/methodology/approach By reviewing existing literature on cyber security, disaster resilience and cascading disasters, this paper highlights current challenges and good practices undertaken by various governments. Findings Understanding disaster risks is a precondition to improving the mitigation of impacts of existing risks and preventing new risks. Effective risk reduction relies on a solid understanding of losses resulting from events to inform future actions, and on the assessment of risks relying on a robust evidence base and state-of-the-art scientific capacity to model and simulate potential hazards. In this context, embedding cyber security risks, and the complexity of cascading impacts in improving the understanding of disaster risks, calls for appropriate methods and tools allowing for a multi-risk and holistic focus to the assessment of risks and the planning of risk management capacities that follow. Research limitations/implications Globally and in Europe, focus on interconnected risk and their impacts is steadily increasing. Risk assessments are still conservative; incorporation of cyber resilience into national and local level DRR plans is yet not visible. Originality/value Existing research is restricted to cyber security and disaster resilience, as separated subjects.
This paper, for the first time, brings together the interconnection between the two topic options to address them.


2019 ◽  
Vol 25 (2) ◽  
pp. 223-240 ◽  
Author(s):  
Abhijeet Ghadge ◽  
Maximilian Weiß ◽  
Nigel D. Caldwell ◽  
Richard Wilding

Purpose In spite of growing research interest in cyber security, inter-firm based cyber risk studies are rare. Therefore, this study aims to investigate cyber risk management in supply chain contexts. Design/methodology/approach Adapting a systematic literature review process, papers from interdisciplinary areas published between 1990 and 2017 were selected. Different typologies, developed for conducting descriptive and thematic analysis, were established using data mining techniques to conduct a comprehensive, replicable and transparent review. Findings The review identifies multiple future research directions for cyber security/resilience in supply chains. A conceptual model is developed, which indicates a strong link between information technology, organisational and supply chain security systems. The human/behavioural elements within cyber security risk are found to be critical; however, behavioural risks have attracted less attention because of a perceived bias towards technical (data, application and network) risks. There is a need for raising risk awareness, standardised policies, collaborative strategies and empirical models for creating supply chain cyber-resilience. Research limitations/implications Different types of cyber risks and their points of penetration, propagation levels, consequences and mitigation measures are identified. The conceptual model developed in this study drives an agenda for future research on supply chain cyber security/resilience. Practical implications A multi-perspective, systematic study provides a holistic guide for practitioners in understanding cyber-physical systems. The cyber risk challenges and the mitigation strategies identified support supply chain managers in making informed decisions. Originality/value To the best of the authors’ knowledge, this is the first systematic literature review on managing cyber risks in supply chains. 
The review defines supply chain cyber risk and develops a conceptual model for supply chain cyber security systems and an agenda for future studies.


2022 ◽  
Vol 2 (14) ◽  
pp. 3-16
Author(s):  
Vu Thi Huong Giang ◽  
Nguyen Manh Tuan

Abstract—The rapid development of web-based systems in the digital transformation era has led to a dramatic increase in the number and the severity of cyber-attacks. Current attack prevention solutions such as system monitoring, security testing and assessment are installed after the system has been deployed, thus requiring more cost and manpower. In that context, the need to assess cyber security risks before the deployment of web-based systems becomes increasingly urgent. This paper introduces a cyber security risk assessment mechanism for web-based systems before deployment. We use the Bayesian network to analyze and quantify the cyber security risks posed by threats to the deployment components of a website. First, the deployment components of potential website deployment scenarios are considered assets, so that their properties are mapped to specific vulnerabilities or threats. Next, the vulnerabilities or threats of each deployment component will be assessed according to the considered risk criteria in specific steps of a deployment process. The risk assessment results for deployment components are aggregated into the risk assessment results for their composed deployment scenario. Based on these results, administrators can compare and choose the least risky deployment scenario.
Summary—The strong growth of web-based systems in the course of digital transformation has brought a rapid increase in the number and severity of cyber-attacks. Current attack prevention solutions such as monitoring system activity and testing and assessing network information security are carried out once the system has been deployed, and therefore require substantial cost and manpower. In that context, the need to assess cyber security risks for website systems before actual deployment has become urgent. This paper introduces a cyber security risk assessment mechanism for website systems before actual deployment. We use a Bayesian network to analyze and quantify the information security risks that different threat sources pose to the deployment components of a website. First, the deployment components of potential website deployment scenarios are modelled as assets, so that their properties are all mapped to specific weaknesses or threats. Next, the weaknesses and threats of each deployment component are assessed against the risk criteria under consideration at each specific point in the deployment process. The assessment results of the deployment components are aggregated into the assessment result for the system in a specific scenario. Based on the risk assessment results, administrators can compare the potential deployment scenarios with one another and choose the least risky one.


2020 ◽  
Vol 12 (1) ◽  
pp. 24-34 ◽  
Author(s):  
Eric Lambourdiere ◽  
Elsa Corbin

Purpose Maritime supply chains rely on electronic and paper-based processes, leading to efficiency bottlenecks. The purpose of this paper is to propose a theory for how implementing digitalization in the form of blockchain technology (BCT) can improve the efficiency and effectiveness of maritime supply chains. Design/methodology/approach This conceptual paper is grounded in dynamic capabilities, supply-chain management and digital supply-chain theories. Relevant literature is scrutinized to explain how BCT can improve supply-chain performance. Findings BCT mainly benefits supply-chain performance through the development of intangible capabilities, by leveraging the capabilities (resources) that maritime supply chains provide. Research limitations/implications This framework sets an analytical basis for future empirical research on BCT and maritime supply chains. As such, it can give only indications and aid in the theory-building process. Discussion on the value and effects of BCT on maritime supply chains is ongoing. Finally, the framework focuses on the application of one information technology in managing logistics activities, rather than taking a bundling approach. Practical implications Investments in digitalization improve the overall information sharing, coordination and visibility capabilities and performances of supply chains. Originality/value Although literature on BCT is extensive, this framework paper is the first to link BCT with dynamics capabilities and maritime supply-chain theory and will serve as a road map for future research and practice.


2019 ◽  
Vol 25 (6) ◽  
pp. 1228-1250 ◽  
Author(s):  
Lidia Sanchez-Ruiz ◽  
Beatriz Blanco ◽  
Emma Diaz

Purpose The purpose of this paper is to define a general and common construct in order to measure the level of difficulty companies experience when they implement continuous improvement (CI). Additionally, a rank of barriers is obtained together with a rank of companies. Design/methodology/approach In order to achieve the objective, first, a literature review is carried out to specify the domain of the construct; second, a sample of items is selected; third a survey is carried out in companies that have already implemented CI initiatives, the results being thus limited to this population; fourth, measures are purified by analysing the reliability and validity of the measurements, and finally results are obtained. The Rasch measurement theory will be used to provide a new perspective on a mature research topic. Findings It can be concluded that a new valid construct has been defined together with a rank of CI barriers, being lack of time the main barrier. A rank of companies is also obtained which is a first step in the development of future research studies. Practical implications Managers are provided with a better understanding of the barriers that can obstruct CI implementation. Thus, the rank of CI barriers guides managers through the most common and important obstacles so that they will be able to plan better CI strategies. In addition, the rank of companies allows each company to undertake a benchmarking exercise. Originality/value This work proposes a new way of analysing the difficulty in implementing CI as a continuum, rather than as independent barriers. From a theoretical point of view, it defines a new construct and offers a rank of CI barriers together with a rank of companies based on their level of difficulty when implementing CI initiatives. This is something new, as previous studies were mainly focussed on the items side. 
From a practical point of view, this study offers the surveyed companies the opportunity to see how they are positioned with respect to the other companies. Moreover, this rank of companies is the foundation on which to develop further studies with a practical orientation in the future.


Sensor Review ◽  
2018 ◽  
Vol 38 (2) ◽  
pp. 231-238 ◽  
Author(s):  
Yi Xiong ◽  
Xiaoguang Yang

Purpose The aim of this paper is threefold: first, to review the technological state of the art on tire sensor systems; second, to summarize basic methodologies and explore the potential of tire sensing for intelligent vehicle developments and third, to address challenges in the development of tire sensing systems and inspire future research in this field. Design/methodology/approach Nowadays, automotive industry is moving toward an intelligent and autonomous driving era with the assistance of sensing technology development, whereas tire-road conditions sensing and utilization are of great interest from the point of view of vehicle dynamics control, vehicle safety and vehicle performance evaluation. Findings Tire sensing is an emerging technology whereby sensor systems are installed on the tire to provide fundamental insights into tire-road interactions for ground vehicles and wheel robots. In the past two decades, tire sensing systems based on various sensor types have been proposed to offer the possibility to investigate tire-road interactions. Originality/value Instrumenting the tire with sensors, especially accelerometers and optical sensors, can sense the tire-road interactions and enhance the vehicle performance. The harsh environment inside tire cavity requires reliable, accurate, low weight, modularized and inexpensive sensors. Challenges, such as the data transmission, power management, lack of physics-based tire models need to be solved before the tire sensor becomes commercially viable for production vehicles.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Felicitas Hoppe ◽  
Nadine Gatzert ◽  
Petra Gruner

Purpose This article aims to gain insights on the current state of small- and medium-sized enterprises’ (SMEs’) cyber risk management process and to derive future research directions. Design/methodology/approach This is done by collecting market insights from 37 recent industry surveys and structuring them based on the steps of the risk management process. From this analysis, major challenges are derived and future fields of research identified. Findings The results indicate that deficiencies in risk culture as well as the strained market for IT experts are the major obstacles with respect to the implementation of cyber risk management in SMEs, and that these challenges are similar across countries. The findings suggest that especially the relationship between cyber security culture and cyber risk management should be investigated further, and that a stronger link between the research streams on enterprise risk management and cyber risk management would be desirable. Originality/value This paper contributes to the literature by providing a systematic overview on the current state of SMEs' cyber risk management from a market perspective. The findings provide support for the existing academic literature by emphasizing the central role of cyber security culture (perception, knowledge, attitude) for a successful cyber risk management, which however should be addressed in more depth in future (empirical) research.

