Assessing Supply Chain Cyber Risks
This paper addresses cyber risk management for supply chain managers, but it is incremental, as it builds on existing methods with expert judgment and forecasting.
The paper tackles the challenge of supply chain cyber risk assessment by introducing a general approach that incorporates attack techniques and impacts, uses structured expert judgment because data is scarce, and couples forecasting models for risk monitoring, enabling applications like risk alarms and supplier ranking.
Risk assessment is a major challenge for supply chain managers, as it potentially affects business factors such as service costs, supplier competition and customer expectations. The increasing interconnectivity between organisations has put into focus methods for supply chain cyber risk management. We introduce a general approach to support such activity taking into account various techniques of attacking an organisation and its suppliers, as well as the impacts of such attacks. Since data is lacking in many respects, we use structured expert judgment methods to facilitate its implementation. We couple a family of forecasting models to enrich risk monitoring. The approach may be used to set up risk alarms, negotiate service level agreements, rank suppliers and identify insurance needs, among other management possibilities.