Supply Chain Cybersecurity and Small and Medium-Sized Enterprises (SMEs): Exploring Shortcomings in Third Party Risk Management of SMEs
Files
Date
2024-01-03
Authors
Contributor
Advisor
Department
Instructor
Depositor
Speaker
Researcher
Consultant
Interviewer
Narrator
Transcriber
Annotator
Journal Title
Journal ISSN
Volume Title
Publisher
Volume
Number/Issue
Starting Page
6656
Ending Page
Alternative Title
Abstract
Small and medium-sized enterprises (SMEs) have long been known to be a weak link in supply chain cybersecurity. Despite their crucial role in the global supply chain, SMEs and their struggle to increase cyber resiliency and improve their defenses is understudied in academic literature. This paper uses qualitative research methods to conduct an empirical study of the challenges SMEs encounter when participating in third party cybersecurity risk assessments. Using interviews with cybersecurity and supply chain practitioners, this study provides an overview of four major risk assessment methods (i.e., questionnaires, audits and certifications, security rating services, and direct testing) and the problems that arise when companies apply tools designed for large corporations to SMEs. Results discuss how and why traditional methods fail and offers insights on how to improve third party risk of SMEs moving forward.
Description
Keywords
Practice-based IS Research, cyber risk management, cybersecurity, small and medium-sized enterprises, supply chains, third party risk assessments
Citation
Extent
9 pages
Format
Geographic Location
Time Period
Related To
Proceedings of the 57th Hawaii International Conference on System Sciences
Related To (URI)
Table of Contents
Rights
Attribution-NonCommercial-NoDerivatives 4.0 International
Rights Holder
Local Contexts
Collections
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.