Reducing cybersecurity vulnerabilities in the supply base: Insights from cyber experts

Cybersecurity has emerged as one of the greatest risks in global supply chains and is of interest to both practitioners and academic researchers. However, current approaches largely assume that data breaches involve external parties directly attacking the organization. Prior research overlooks a critical element, namely that suppliers are often electronically integrated with companies, and represent a critical vulnerability that is often exploited by cybercriminals. This study provides a process-driven approach for addressing this gap for logistics managers to apply. We discover that supplier and distributor cybersecurity protection is a core part of a logistics and procurement managers’ responsibility and is no longer just an IT concern. Our analysis focuses on practical insights developed through targeted subject-matter expert (SME) interviews. We cover the methodologies employed to conduct our qualitative investigation, as well as the results of the study. In this study, we began by noting that most studies in cybersecurity assume that vulnerabilities are largely internal to the organization. We develop a qualitatively derived set of best practices based on subject matter interviews that outlines the key steps for addressing supply base cyber-vulnerabilities. We discuss the results of the interviews and the implications of this research for managers, and how they may ensure that vulnerabilities in the supply base are addressed. This framework requires additional validation but provides a strong basis for supply chain managers to consider.