An Impact-wave Analogy for Managing Cyber Risks in Supply Chains

摘要

Supply chains are dependent on Information Technology (IT) and cyberspace processes. Yet, despite the advantages of its increased connectivity and systems integration with suppliers and customers, this also opens the door to new risks from and to supply chain partners. Literature in this nascent research area is limited, with few frameworks available to complement traditional risk management methods. This paper shows the current results of a literature review on the field of supply chain cyber risk management (SCCRM), with the aim of gathering and structuring its extant literature and proposing a taxonomy that will give a better overview of the approaches found in the scientific literature. This taxonomy is then used to propose a novel SCCRM framework. Finally, a novel Impact-Wave analogy is presented to provide a graphical understanding of the application of this framework.