A comparison between traditional SC risks and SC cyber risks
| Aspect | Traditional SC risks | SC cyber risks | References |
|---|---|---|---|
| Interdependencies | Low; a firm-based view is prevalent in tackling traditional SC risks | High; a SC-based view is necessary to tackle SC cyber risks | Friday et al. (2024), Melnyk et al. (2022), Pandey et al. (2020) |
| Dynamism | Somewhat predictable types of threats. Experience and proactive measures are critical for mitigation | Rapidly-changing threats that can be tweaked in real time, making them extremely difficult to manage | Colicchia et al. (2019), Ghadge et al. (2020), Sawik (2022) |
| Anonymity | The sources and impacts of risks are often quickly recognized | The sources and impacts of risks may not be recognized until several days/weeks after the attack, if ever | Herburger and Omar (2021), Moschovitis (2018), Renaud et al. (2018) |
| IT department involvement (in addition to the SC department) | Peripheral and mainly involves providing the IT tools and infrastructure to exchange relevant information | Critical with real-time roles involved for monitoring systems and helping respond to the attacks | Colicchia et al. (2019), Creazza et al. (2022), Herburger and Omar (2021) |
| Ripple effects | Low due to increased physical layers and distance between SC tiers | High due to reduced physical layers and distance in the cyberspace | Friday et al. (2024), Ghadge et al. (2020), Herburger and Omar (2021) |
| Intention | Mostly non-intentional and caused by natural events or unforeseen errors | Mostly intentional and caused by intruders’ ill-will and deliberate planning | Kumar and Mallipeddi (2022), Pandey et al. (2020), Wieland et al. (2023) |
| Targeted assets | Targeted assets are primarily physical | Targeted assets are both physical and soft (i.e. information-based) | Ghadge et al. (2020), Pandey et al. (2020), Wieland et al. (2023) |
| Aspect | Traditional SC risks | SC cyber risks | References |
|---|---|---|---|
| Interdependencies | Low; a firm-based view is prevalent in tackling traditional SC risks | High; a SC-based view is necessary to tackle SC cyber risks | |
| Dynamism | Somewhat predictable types of threats. Experience and proactive measures are critical for mitigation | Rapidly-changing threats that can be tweaked in real time, making them extremely difficult to manage | |
| Anonymity | The sources and impacts of risks are often quickly recognized | The sources and impacts of risks may not be recognized until several days/weeks after the attack, if ever | |
| IT department involvement (in addition to the SC department) | Peripheral and mainly involves providing the IT tools and infrastructure to exchange relevant information | Critical with real-time roles involved for monitoring systems and helping respond to the attacks | |
| Ripple effects | Low due to increased physical layers and distance between SC tiers | High due to reduced physical layers and distance in the cyberspace | |
| Intention | Mostly non-intentional and caused by natural events or unforeseen errors | Mostly intentional and caused by intruders’ ill-will and deliberate planning | |
| Targeted assets | Targeted assets are primarily physical | Targeted assets are both physical and soft (i.e. information-based) |
Source(s): Created by authors
Sharing content requires targeting cookies to be enabled. Please update your cookie preferences to use this feature.