Location
Hilton Hawaiian Village, Honolulu, Hawaii
Event Website
https://hicss.hawaii.edu/
Start Date
3-1-2024 12:00 AM
End Date
6-1-2024 12:00 AM
Description
Small and medium-sized enterprises (SMEs) have long been known to be a weak link in supply chain cybersecurity. Despite their crucial role in the global supply chain, SMEs and their struggle to increase cyber resiliency and improve their defenses is understudied in academic literature. This paper uses qualitative research methods to conduct an empirical study of the challenges SMEs encounter when participating in third party cybersecurity risk assessments. Using interviews with cybersecurity and supply chain practitioners, this study provides an overview of four major risk assessment methods (i.e., questionnaires, audits and certifications, security rating services, and direct testing) and the problems that arise when companies apply tools designed for large corporations to SMEs. Results discuss how and why traditional methods fail and offers insights on how to improve third party risk of SMEs moving forward.
Recommended Citation
Kwong, Jillian and Pearlson, Keri, "Supply Chain Cybersecurity and Small and Medium-Sized Enterprises (SMEs): Exploring Shortcomings in Third Party Risk Management of SMEs" (2024). Hawaii International Conference on System Sciences 2024 (HICSS-57). 4.
https://aisel.aisnet.org/hicss-57/os/practice-based_research/4
Supply Chain Cybersecurity and Small and Medium-Sized Enterprises (SMEs): Exploring Shortcomings in Third Party Risk Management of SMEs
Hilton Hawaiian Village, Honolulu, Hawaii
Small and medium-sized enterprises (SMEs) have long been known to be a weak link in supply chain cybersecurity. Despite their crucial role in the global supply chain, SMEs and their struggle to increase cyber resiliency and improve their defenses is understudied in academic literature. This paper uses qualitative research methods to conduct an empirical study of the challenges SMEs encounter when participating in third party cybersecurity risk assessments. Using interviews with cybersecurity and supply chain practitioners, this study provides an overview of four major risk assessment methods (i.e., questionnaires, audits and certifications, security rating services, and direct testing) and the problems that arise when companies apply tools designed for large corporations to SMEs. Results discuss how and why traditional methods fail and offers insights on how to improve third party risk of SMEs moving forward.
https://aisel.aisnet.org/hicss-57/os/practice-based_research/4