Supply Chain Centrality, Cyber Risk & IT Governance

Executive DBA Research Colloquium Series

SEBA is pleased to host an online research talk by Dr. David Bui in the 2024-2025 Executive DBA (EDBA) Research Colloquium Series. His talk will summarize findings from his research paper entitled: "Supply Chain Centrality, Cyber Risk and Supply Chain IT Governance."

Abstract: In this paper, I examine how a firm's position in the supply chain information network affects its cyber risk exposure and cyber risk management. First, I document that firms that are more central in the supply chain information network have higher cyber risk exposure. Second, the positive association between firm centrality and cyber risk is mitigated by both the IT governance strength of the focal firm and its supply chain partners. Third, the exposure to cyber-attacks through supply chain networks also has several implications on corporate policies. I find that managers of more central firms are more likely to include discussions of their supply chain cyber risks in their SEC 10-K filings to inform investors about such exposure. Additionally, more central firms reduce the likelihood and impact of being breached by adopting more stringent internal controls over IT and inventory. Additionally, central firms maintain a higher level of cash holdings to reduce the impact of actual supply chain cyber-attacks. Finally, firms proactively monitor the IT governance of their supply chain partners.