Reducing cybersecurity vulnerabilities in the supply base: Insights from cyber experts

Author

  • Handfield, Robert
  • Earp, Julie
  • Sadeghi, Amir Hossein

Abstract

Cybersecurity has emerged as one of the greatest risks in global supply chains and is of interest to both practitioners and academic researchers. However, current approaches largely assume that data breaches involve external parties directly attacking the organization. Prior research overlooks a critical element, namely that suppliers are often electronically integrated with companies, and represent a critical vulnerability that is often exploited by cybercriminals. This study provides a process-driven approach for addressing this gap for logistics managers to apply. We discover that supplier and distributor cybersecurity protection is a core part of a logistics and procurement manager’s responsibility and is no longer just an IT concern. Our analysis focuses on practical insights developed through targeted subject-matter expert (SME) interviews. We cover the methodologies employed to conduct our qualitative investigation, as well as the results of the study. In this study, we began by noting that most studies in cybersecurity assume that vulnerabilities are largely internal to the organization. We develop a qualitatively derived set of best practices based on subject matter interviews that outlines the key steps for addressing supply base cyber-vulnerabilities. We discuss the results of the interviews and the implications of this research for managers, and how they may ensure that vulnerabilities in the supply base are addressed. This framework requires additional validation but provides a strong basis for supply chain managers to consider.

Suggested Citation

  • Handfield, Robert & Earp, Julie & Sadeghi, Amir Hossein, 2025. "Reducing cybersecurity vulnerabilities in the supply base: Insights from cyber experts," Technology in Society, Elsevier, vol. 82(C).
  • Handle: RePEc:eee:teinso:v:82:y:2025:i:c:s0160791x2500137x
    DOI: 10.1016/j.techsoc.2025.102947

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0160791X2500137X
    Download Restriction: Full text for ScienceDirect subscribers only


