Table 4 Representative quotes underlying...

Table 4

Representative quotes underlying second-order transforming themes

Second-order theme First-order concepts	Representative quotes
Transforming Prioritizing long-term cyber risk-related SC collaboration	“Because we have done many things where we realize that we also have a strategic component when we say that the support from the supplier in this process is expandable. We will have other requirements in the future. For example, patching must be faster. The processes must be adapted. Then, you have something that is geared toward the long-term. We will then be in dialogue with the suppliers again. If necessary, there will be an adjustment to the contract. And if this should also have a monetary effect, then, of course, purchasing would be involved again.” Customer-CriSC1-IT Security-2 “That is the key, being proactive. That you say, they have to inform much more. In reality, you only get most of the information when they ask for it.” Customer-InsSC1-Logistics “That is, we certainly today find faster channels, secure channels to manage.” Supplier-InsSC1-Sales
Enhancing cyber risk-related SC reconfiguration	“That is, you have any problems with it all the time, and now they are strategically going to a in the medium-term, for example, so that their software runs under A. Because with B, the whole vulnerability management is already very impracticable in some cases.” CriCo-Product-Management “And we have an internal CERT that coordinates all the processes and takes action in the event of incident response. They then call support as needed. We are lucky that we have an internal CERT.” Customer-CriSC1-IT Security-2 “In the area of incident response, we have contracts, but then we have on-call contracts. To simply have resources with the necessary know-how available in the event of an incident. Which is usually the main purpose.” Customer-CriSC1-IT-Security-2

Second-order themeFirst-order concepts	Representative quotes
TransformingPrioritizing long-term cyber risk-related SC collaboration	“Because we have done many things where we realize that we also have a strategic component when we say that the support from the supplier in this process is expandable. We will have other requirements in the future. For example, patching must be faster. The processes must be adapted. Then, you have something that is geared toward the long-term. We will then be in dialogue with the suppliers again. If necessary, there will be an adjustment to the contract. And if this should also have a monetary effect, then, of course, purchasing would be involved again.” Customer-CriSC1-IT Security-2“That is the key, being proactive. That you say, they have to inform much more. In reality, you only get most of the information when they ask for it.” Customer-InsSC1-Logistics“That is, we certainly today find faster channels, secure channels to manage.” Supplier-InsSC1-Sales
Enhancing cyber risk-related SC reconfiguration	“That is, you have any problems with it all the time, and now they are strategically going to a in the medium-term, for example, so that their software runs under A. Because with B, the whole vulnerability management is already very impracticable in some cases.” CriCo-Product-Management“And we have an internal CERT that coordinates all the processes and takes action in the event of incident response. They then call support as needed. We are lucky that we have an internal CERT.” Customer-CriSC1-IT Security-2“In the area of incident response, we have contracts, but then we have on-call contracts. To simply have resources with the necessary know-how available in the event of an incident. Which is usually the main purpose.” Customer-CriSC1-IT-Security-2

Second-order themeFirst-order concepts

Representative quotes

TransformingPrioritizing long-term cyber risk-related SC collaboration

“Because we have done many things where we realize that we also have a strategic component when we say that the support from the supplier in this process is expandable. We will have other requirements in the future. For example, patching must be faster. The processes must be adapted. Then, you have something that is geared toward the long-term. We will then be in dialogue with the suppliers again. If necessary, there will be an adjustment to the contract. And if this should also have a monetary effect, then, of course, purchasing would be involved again.” Customer-CriSC1-IT Security-2“That is the key, being proactive. That you say, they have to inform much more. In reality, you only get most of the information when they ask for it.” Customer-InsSC1-Logistics“That is, we certainly today find faster channels, secure channels to manage.” Supplier-InsSC1-Sales

Enhancing cyber risk-related SC reconfiguration

“That is, you have any problems with it all the time, and now they are strategically going to a in the medium-term, for example, so that their software runs under A. Because with B, the whole vulnerability management is already very impracticable in some cases.” CriCo-Product-Management“And we have an internal CERT that coordinates all the processes and takes action in the event of incident response. They then call support as needed. We are lucky that we have an internal CERT.” Customer-CriSC1-IT Security-2“In the area of incident response, we have contracts, but then we have on-call contracts. To simply have resources with the necessary know-how available in the event of an incident. Which is usually the main purpose.” Customer-CriSC1-IT-Security-2

Source:

Authors’ own work

[ViewLarge]

Sharing Unavailable