Building Supply Chain Resilience to Cyber Risks: A Dynamic Capabilities Perspective

Michael Herburger*, Andreas Wieland, Carina Hochstrasser

*Corresponding author for this work

Research output: Contribution to journalJournal articleResearchpeer-review

33 Downloads (Pure)

Abstract

Purpose
Disruptive events caused by cyber incidents, such as supply chain (SC) cyber incidents, can affect firms’ SC operations on a large scale, causing disruptions in material, information and financial flows and impacting the availability, integrity and confidentiality of SC assets. While SC resilience (SCRES) research has received much attention in recent years, the purpose of this study is to investigate specific capabilities for building SCRES to cyber risks. Based on a nuanced understanding of SC cyber risk characteristics, this study explores how to build SC cyber resilience (SCCR) using the perspective of dynamic capability (DC) theory.

Design/methodology/approach
Based on 79 in-depth interviews, this qualitative study examines 28 firms representing 4 SCs in Central Europe. The researchers interpret data from semistructured interviews and secondary data using the DC perspective, which covers sensing, seizing and transforming.

Findings
The authors identify SCRES capabilities, in general, and SCCR-specific capabilities that form the basis for the realignment of DCs for addressing cyber risks in SCs. The authors argue that SCRES capabilities should, in general, be combined with specific capabilities for SCCR to deal with SC cyber risks. Based on these findings, 10 propositions for future research are provided.

Practical implications
Practitioners should collaborate specifically to address cyber threats and risks in SCs, integrate new SC partners and use new approaches. Furthermore, this study shows that cyber risks need to be treated differently from traditional SC risks.

Originality/value
This empirical study enriches the SC management literature by examining SCRES to cyber risks through the insightful lens of DCs. It identifies DCs for building SCCR, makes several managerial contributions and is among the few that apply the DC approach to address specific SC risks.
Original languageEnglish
JournalSupply Chain Management: An International Journal
Volume29
Issue number7
Pages (from-to)28-50
Number of pages23
ISSN1359-8546
DOIs
Publication statusPublished - 2024

Keywords

  • Supply chain resilience
  • Cyber risks
  • Dynamic capabilities

Cite this