Supply Chain Digitalization and Vulnerability to Cyber Risks

The rapidly evolving digitalization of supply chains has transformed traditional procurement processes, thereby enhancing efficiency and collaboration. However, this increased reliance on digital technologies exposes organizations to heightened cyber risks. This conceptual paper qims to explore the double-edged sword of supply chain digitalization (SCD): While SCD, offers significant benefits in efficiency and transparency, it also introduces and increases the vulnerability to cyber risks. Leveraging concepts from Supply Chain Management (SCM), Information Systems (IS), and Cybersecurity, this paper develops a basis to understand how the adoption of key digital technologies—such as the Internet of Things (IoT), Blockchain, Cloud Computing, and Enterprise Resource Planning (ERP) systems—widens the cyber-attack surface. This is particularly critical in a developing country like Nigeria, where challenges like inadequate digital infrastructure, limited cybersecurity skills, and evolving regulatory environment worsen inherent weaknesses. We discuss the potential consequences and suggest a theoretical model for developing cyber-resilient digital supply chains, and providing a groundwork for future empirical research. In addition, we discussed concepts of Technology-Organization-Environment (TOE) framework, combined with elements of organizational Resilience Theory (Sheffi, 2015). The TOE framework suggests that technology adoption is influenced by the technological setting, the organizational readiness, and the environmental pressures. We extend this by arguing that in a high-risk environment (the 'E' factor, which includes the cyber threat environment), the adoption of technology (SCD) must be balanced against the resulting system exposure (Vulnerability to cyber-risks -VCR).

Digitalization, Vulnerability, Cyber Risks, Resilience.

1. African Development Bank. (2020). African economic outlook 2020: Developing Africa’s workforce for the future. AfDB. [Google Scholar] [Crossref]

2. Adewumi, A., & Oluwaseyi, O. (2022). Cyber security in Nigeria: Trends, challenges and opportunities. Journal of Cyber Security and Information Systems, 1(1), 1–12. [Google Scholar] [Crossref]

3. Adebayo, O., & Ojo, T. (2020). Cybersecurity challenges in Nigerian logistics supply chains: An empirical investigation. Journal of Supply Chain Management Africa, 12(2), 45–59. [Google Scholar] [Crossref]

4. Adebayo, V. I., & Ojebode, M. T. (2022). Cybersecurity challenges in Nigeria's emerging digital economy. Nasarawa Journal of Management Sciences. [Google Scholar] [Crossref]

5. Baryannis, G., et al. (2019). Supply chain risk management and artificial intelligence: State of the art and future research directions. International Journal of Production Research. [Google Scholar] [Crossref]

6. Böhm, M., Weking, J., & Krcmar, H. (2018). The impact of cybersecurity on supply chain resilience. Proceedings of the 51st Hawaii International Conference on System Sciences. [Google Scholar] [Crossref]

7. Boyens, J., Paulsen, C., & Bartol, N. (2022). Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations. NIST Special Publication 800-161r1. [Google Scholar] [Crossref]

8. Bostrom, R. P., & Heinen, J. S. (1977). MIS problems and failures: A socio-technical perspective. Management Information Systems Quarterly, 1(3), 17–32. [Google Scholar] [Crossref]

9. Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523–548. [Google Scholar] [Crossref]

10. Büyüközkan, G., & Göçer, F. (2018). Digital supply chain: Literature review and a framework for future research. Computers in Industry, 97, 157–169. [Google Scholar] [Crossref]

11. Chopra, S., & Meindl, P. (2016). Supply chain management: Strategy, planning, and operation. Pearson. [Google Scholar] [Crossref]

12. Chopra, S., & Sodhi, M. S. (2014). Managing risk to avoid supply-chain breakdown. MIT Sloan Management Review, 55(1), 53–61. [Google Scholar] [Crossref]

13. Christopher, M., & Peck, H. (2004). Building the resilient supply chain. International Journal of Logistics Management, 15(2), 1–13. [Google Scholar] [Crossref]

14. Chui, M., Manyika, J., & Miremadi, M. (2016). Where machines could replace humans—and where they can’t (yet). McKinsey Quarterly, (3), 1–13. [Google Scholar] [Crossref]

15. CISO. (2017). Cyber risk: A primer for boards and audit committees. Chief Information Security Officer (CISO) Magazine. [Google Scholar] [Crossref]

16. Colicchia, C., et al. (2021). Digitalisation and cyber resilience in supply chains. Production Planning & Control. [Google Scholar] [Crossref]

17. Erevelles, S., Fukawa, N., & Swayne, L. (2016). Big data and consumer behavior: Imminent opportunities and challenges. Journal of Consumer Marketing, 33(5), 309–316. [Google Scholar] [Crossref]

18. Eling, M., & Wirfs, J. (2019). What are the actual costs of cyber risk? Geneva Papers on Risk and Insurance - Issues and Practice, 44(4), 737–766. [Google Scholar] [Crossref]

19. Fenz, S., Heurix, J., Neubauer, T., & Pechstein, F. (2014). Current challenges in information security risk management. Information Management & Computer Security, 22(5), 410-430. [Google Scholar] [Crossref]

20. Freund, J., & Jones, J. (2014). Measuring and Managing Information Risk: A FAIR Approach. Butterworth-Heinemann. [Google Scholar] [Crossref]

21. Ghadge, A., Weiß, M., Caldwell, N., & Wilding, R. (2019). Managing cyber risk in supply chains: a review and research agenda. Supply Chain Management: An International Journal, 25(2), 223-240. [Google Scholar] [Crossref]

22. Gartner. (2020). Gartner glossary: Supply chain digitalization. [Google Scholar] [Crossref]

23. Greenberg, A. (2017). The untold story of NotPetya, the most devastating cyberattack in history. Wired. https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/ [Google Scholar] [Crossref]

24. He, Y., & Wang, Y. (2021). Cybersecurity risks in digitalized supply chains: A review and research agenda. Supply Chain Management Review, 27(5), 22–34. [Google Scholar] [Crossref]

25. Huang, X., Wang, X., & Liu, Y. (2020). Supply chain digitalization and cyber risk: A moderated mediation model. International Journal of Production Economics, 229, Article [Google Scholar] [Crossref]

26. 107746. https://doi.org/10.1016/j.ijpe.2020.107746 [Google Scholar] [Crossref]

27. International Organization for Standardization & International Electrotechnical Commission. (2018). ISO/IEC 27000:2018 information technology—Security techniques—Information security management systems—Overview and vocabulary. https://www.iso.org/standard/73906.html [Google Scholar] [Crossref]

28. Institute of Risk Management. (2020). Cyber risk: A guide for boards and risk managers. IRM. [Google Scholar] [Crossref]

29. Ivanov, D., Dolgui, A., & Sokolov, B. (2019). The impact of digital technology and Industry 4.0 on the ripple effect and supply chain risk analytics. International Journal of Production Research, 57(3), 829– 846. [Google Scholar] [Crossref]

30. Ivanov, D., Dolgui, A., & Sokolov, B. (2022). The impact of digital technology adoption on supply chain resilience. International Journal of Production Research, 60(3), 695–710. [Google Scholar] [Crossref]

31. Ivanov, D., et al. (2019). The impact of digital technology and Industry 4.0 on the ripple effect and supply chain risk analytics. International Journal of Production Research. [Google Scholar] [Crossref]

32. Jones, J. (2005). An Introduction to Factor Analysis of Information Risk (FAIR). Risk Management Insight LLC. [Google Scholar] [Crossref]

33. Kache, F., & Seuring, S. (2017). Challenges and opportunities of digital information at the intersection of Big Data Analytics and supply chain management. International Journal of Operations & Production Management, 37(1), 10–36. [Google Scholar] [Crossref]

34. Kamalahmadi, M., & Parast, M. M. (2016). A review of the literature on the principles of enterprise and supply chain resilience. International Journal of Production Economics, 171, 116–133. https://doi.org/10.1016/j.ijpe.2015.10.053 [Google Scholar] [Crossref]

35. Krebs, B. (2014, February 5). Target hackers broke in via HVAC company. Krebs on Security. https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/ [Google Scholar] [Crossref]

36. Kshetri, N. (2018). Blockchain's roles in strengthening cybersecurity and protecting privacy. Telecommunications Policy, 42(10), 1027–1038. https://doi.org/10.1016/j.telpol.2018.10.003 [Google Scholar] [Crossref]

37. Marston, S., Li, Z., Bandyopadhyay, S., Zhang, J., & Ghalsasi, A. (2011). Cloud computing—The business perspective. Decision Support Systems, 51(1), 176–189. [Google Scholar] [Crossref]

38. https://doi.org/10.1016/j.dss.2010.12.006 [Google Scholar] [Crossref]

39. National Information Technology Development Agency. (2022). Cyber risk trends in Nigerian enterprises. [Google Scholar] [Crossref]

40. National Institute of Standards and Technology (NIST). (2018). Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1. [Google Scholar] [Crossref]

41. Nigerian Communications Commission. (2022). Cyber security report 2022. [Google Scholar] [Crossref]

42. Nigerian Communications Commission. (2023). Annual report on cybersecurity incidents in Nigerian supply chains. [Google Scholar] [Crossref]

43. Oke, A., & Onwuegbuzie, H. (2020). Supply chain digitalization and operational performance: Evidence from Nigerian manufacturing firms. Journal of African Business, 21(4), 523–541. https://doi.org/10.1080/15228916.2019.1705441 [Google Scholar] [Crossref]

44. Olumide, S., & Adekunle, A. (2021). Assessing cyber risk preparedness in Nigerian manufacturing supply chains. African Journal of Information Systems, 13(1), 78–93. [Google Scholar] [Crossref]

45. Oluwaseyi, O., & Adewumi, A. (2021). Digitalization and cyber security in Nigerian organizations: A review of the literature. International Journal of Cyber Security and Digital Forensics, 10(2), 123–136. [Google Scholar] [Crossref]

46. Papanagnou, C., et al. (2022). Digital twins for supply chain cyber-resilience: A conceptual framework. Computers & Industrial Engineering. [Google Scholar] [Crossref]

47. Satter, R., & Polantz, K. (2021, May 13). Colonial Pipeline paid hackers nearly $5 million in ransom. AP News. [Google Scholar] [Crossref]

48. https://apnews.com/article/colonial-pipeline-hackers-ransome-payments0e0b0a4a4b4b4b4b4b4b4b4b4b4b [Google Scholar] [Crossref]

49. Tornatzky, L. G., & Fleischer, M. (1990). The processes of technological innovation. Lexington Books. [Google Scholar] [Crossref]

50. Whitmore, A., Agarwal, A., & Xu, L. D. (2015). The Internet of Things—A survey of topics and trends. Information Systems Frontiers, 17(2), 261–274. https://doi.org/10.1007/s10796-014-9489-3 [Google Scholar] [Crossref]

51. World Bank. (2022). Nigeria digital economy diagnostic report. [Google Scholar] [Crossref]

52. World Bank. (2023). Doing business in Africa: Regulatory environment and trade facilitation. [Google Scholar] [Crossref]

53. World Economic Forum. (2023). Global Risks Report 2023. [Google Scholar] [Crossref]

• The Effectiveness of Logistics Management - A Case Study of: Future Supply Chain Solutions Ltd (FSC)
• The Effect of E-Informing on Procurement Performance of Public Universities in Kenya: The Case of Egerton University
• Barriers to Circular Supply Chain Implementation in Indian Textile SMEs: An Exploratory Qualitative Study
• Sustainable Supply Chain to Enhance the Environmental Performance in the Cleaning Detergents Manufacturing Industry: Case of Harare, Zimbabwe
• Exploring Innovative Frontiers: Digital Public Infrastructure and Multimodal Connectivity as Catalysts for MSME Supply Chain Transformation in India