Abstract image of a woman sitting on books and studying on a laptop

Ppt cscrm (1)

Download as PPTX, PDF
T
Trang337408

The document explores supply chain managers' perceptions of Cyber Supply Chain Risk Management (CSCRM) amidst digital transformation, highlighting the importance of effective cybersecurity strategies. It reveals discrepancies in risk perception and the need for greater organizational engagement in CSCRM processes, emphasizing the role of logistics providers as crucial coordinators. Findings indicate a significant reliance on technical measures, with a noted misalignment between the perceived relevance of human factors as risks and the actions taken to address them.

Business
1 of 43
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
WHO CARES? SUPPLY CHAIN MANAGERS’ PERCEPTIONS REGARDING CYBER SUPPLY CHAIN RISK MANAGEMENT IN THE DIGITAL TRANSFORMATION ERA 109578401 HOANG TO NHU 109578403 DO THI TRANG 109678402 NGUYEN THI HONG NHUNG
Perceptions of supply chain managers for cyber supply chain risk management (CSCRM) How can organizations deploy a CSCRM strategy? ABSTRACT
Digital transformation Cyber supply chain Cyber security 1. INTRODUCTION
1. INTRODUCTION
CYBER SECURITY CYBER RISKS COMPANIES CSCRM in a supply chain are seen as the top threats tend to adopt security measures to protect themselves is necessary for a better level of resilience through the cyber supply chain ORGANIZATIONS LITERATURE involved in a supply chain do not make the same decisions gives technical aspects rather than organization aspects across the supply chain as top threats
THIS RESEARCH helps organizations to understand how they can deploy a cyber security strategy RQ1. How relevant are the elements of CSCRM perceived by companies in a supply chain? RQ2. How aligned are the perceptions about CSCRM of companies in a supply chain?
Manufacturers Logistics Providers Retailers Survey of the perceptions of supply chain managers regarding 3 main stages: Section 2: Overview of the literature of CSCRM Section 3: Research methodology Section 4: Investigation results Section 5: Findings of the analysis Section 6: Conclusion
2. THEORETICAL BACKGROUND Cyber supply chain risk management (CSCRM)
CSCRM PURPOSE is to extend control on cyber risks which enables a continuously adaptive capacity. Supply chain resilience relates to a fit between riskiness and related level of preparedness to manage the risks. Humans are limited to make objective estimations.
INDIVIDUALS seem to rely on their perception of risks on their own confidence and belief. Decisions are subjective for what might happen and how they think it might affect. Different approaches by different people make different effects.
Cyber risks Sources of risks Responsibility and ownership of the CSCRM Information exchanged Countermeasures to manage cyber risks. CSCRM process includes
Initiatives and countermeasures to manage cyber risks Sources of cyber risks Cyber risks in supply chain Responsibility of CSCRM process 34% 25% 34% 2% ELEMENTS OF CSCRM PROCESS Information exchanged in the supply chain 5%
2.1 CYBER RISKS in supply chain • Type 1 includes incidents of phishing and theft or data manipulation. • Type 2 covers cyberstalking and harassment, stock market manipulation, blackmailing and corporate espionage.
BACKBONE RISKS • ERP system malfunction • Crash of company’s website • Lack of network connectivity • Malware • Data breach • Damage of records • Theft of credentials
2.2 SOURCES of cyber risks INTERNAL EXTERNAL MALICIOUS NON-INTENTIONAL Suppliers/contractors Current employees Former employees Suppliers/ contractors Customers Competitors Hackers/ Hacktivists Current employees Former employees Technical problems Customers Natural disasters Technical problems Colicchia (2019)
2.2 SOURCES of cyber risks • Employees • Physical objects • Technical assets Ghade (2020)
2.3 RESPONSIBILITY AND OWNERSHIP of CSCRM process • Entire company should engage in the CSCRM process with strong commitment. • Cyber security should be a department in the company.
2.4 INFORMATION EXCHANGED in the supply chain Inventory Sales data Invoices Discounts Order status Production plan Performance Master data
2.5 INITIATIVES AND COUNTERMEASURES to manage cyber risks Pre-attack Actions at the technical level and those directed at or carried out by human factors Trans-attack Data consistency checks and task forces Post-attack Forensics, incident documentation, insurance and recovery and backup procedures Companies seem to respond with pre-attacker phase rather than the others. However, all phases should have a varied set of actions to cover different attacks and different risk environments.
3. METHOD
3.1 SAMPLE Focus on a specific sector, specifically the FMCG industry in Italy The Italian FMCG industry is placed among the top four markets in Europe for logistics flows and generated turnover, and it is one of the fastest-growing sectors across Europe, after Spain in 2016 The Italian FMCG supply chain has gone through a deep transformation, leading to the adoption of the principles of efficient consumer response (ECR) and IT technologies
3.1 SAMPLE AND DATABASE The questionnaire was distributed to 524 companies, with the following representation: 321 manufacturers, 134 logistics service providers and 69 retailers. Managers in charge of supply chain management or logistics are chosen as potential respondents for this survey (with minimum 5 years experience) 112 full questionnaires returned.
3.1 DESIGN The resulting questionnaire consisted of six different sections The questions were measured by five-point Likert scales, ranging from “very relevant” to “not relevant”, from “low impact” to “very high impact” (according to the assessment scale presented by Hallikas et al., 2004) or from “very low probability” to “very high probability” (according to the assessment scale presented by Hallikas et al., 2004) Use ANOVA with F statistics value with a significance level of 5% to analyse the results.
4. RESULTS 4.3. Perception of the sources of risk 4.2. Perception of the risk events 4.1. Profile of the respondents’ sample 4.4. Involvement of the organization’s departments in cyber and information risk management 4.5. Perception of the criticality of the information shared across the supply chain 4.6. Perception of the countermeasures and actions for mitigating cyber risks
4.1 PROFILE of the respondents’ sample 64 manufacturers 31 logistics service providers 17 retailers
4.2 PERCEPTION of the risk events the whole FMCG supply chain has experienced the same risk events an almost unanimous consensus around the two events considered to be the most dangerous ones Malware has been judged to be a high risk, especially by retailers
4.3 PERCEPTION of the risk events The Bubble diagram reports the mean values of the three variables for each assessed risk event: impact (vertical axis), probability (horizontal axis) and occurrence (bubble diameter, i.e. the larger the bubble diameter, the more recently the risk event has occurred) Show the occurrence affects the perception of the level of riskness of the evaluated events, especially in terms of impact
4.4.PERCEPTION of the sources of risk Retailers have a generally weaker perception of the sources of cyber and information risks in their supply chain Hackers are seen as the most dangerous source of risk, ranking first in all groups of respondents The “human factor” and the “enemy within” are common threats to all categories of organizations in the FMCG supply chain Logistics Service Providers seem to perceive technical reasons as one of the main causes of risks for their business continuity
4.4 INVOLVEMENT of the organization’s department in cyber and information risk management Most involved
4.5 PERCEPTION of the criticality of the information shared across the supply chain Manufacturer on the master data and invoicing side along with data about their sales Retailers on the discounts and promotional data along with inventory Logistics Service Providers on transport data
4.6 PERCEPTION of the countermeasures andactions for mitigating cyber risks Level of perception regarding the initiatives and countermeasures for managing cyber risks IT technical side is still dominant in every stage of the FMCG supply chain No unanimous consensus regarding some technical measures
The perceptions of risk events 5.1 The sources of risk 5.2 The ownership of the CSCRM process 5.3 5.4 The countermeasures to mitigating cyber risks 5. DISCUSSION
5.1. THE PERCEPTION of risk events Logistics Service Providers have a broader perception of the risk events compared to Manufacturers and Retailers
• Those risks with higher occurrence are perceived more vividly compared to other risk with lower values of occurrence • Little awareness leads to underestimating the importance of risk events (and the other way around) 5.1. THE PERCEPTION of risk events
5.2. THE SOURCE of risk • The so-called “human factor” is seen as one of the predominant threats to cyber security in supply chains and this is in line with previous literature (Ghadge et al., 2020). • Logistics Service Providers are more concerned about technical problems that could undermine the continuity of their business operations
5.3. THE OWNERSHIP of the CRM process • The medium-high scores assigned to the majority of the business departments • The human resources department is at the bottom of the list and this shows a contradiction in terms of approach to the “human factor” in the CSCRM process
5.4.THE COUNTERMEASURE to mitigating cyber risks Table 9 reports an overall high level of relevance assigned to the set of initiatives but a medium level of alignment of the respondents’ perceptions related to them.
Overall, a certain level of alignment of the perception about the elements composing the CSCRM process among the various actors of the FMCG supply chain exists. In this case, it appears that Manufacturers and Retailers are more focused on their domain rather than on the supply chain. On the contrary, it seems that Logistics Service Providers can overcome this limitation and have a broader perception of the risks, sources of risks and criticality of information and data exchanged that span across the different stages of the supply chain. DISCUSSION
6 .1. Theoretical implications This study provides the scientific community with a vertical analysis of a supply chain, something that extends the existing theory on CSCRM It also contributes to extending the current theory with the proposal of a paradigm that highlights the role of Logistics Service Providers as “orchestrators” of the CSCRM process. 6. CONCLUSIONS
6 .2. Practical implications This study provides the industrial community with thought-provoking insights on the misalignment between the perceived relevance of the human factor as a source of risk (high) and the perceived importance of countermeasures to mitigate the risk events stemming from that source (low) This study could help organizations devise procedures and policies to report incidents and create common and shared knowledge about risks that could help them assess the level of risk in their supply chains more closely
01. 解決甚麼問題 ? 02. 為什麼這個問題很重要 ? 03. 提出的論點或假說是甚麼 ? 6 .2. Practical implications
04. 如何證明他們論點與假說為真 ? 05. 實證研究與結果 06. 學術貢獻與實務貢獻
THANKS FOR LISTENING!

More Related Content

PDF
Supply Chain Management
Ron Calonica
 
DOCX
Strategic supply chain management
Bhavi Bhatia
 
DOCX
Recent development in the field of scm
Sibitha Sivan
 
PPT
Scm ppt
abhishek_02
 
PDF
Creating competitive advantages through supply chain final
Kurnia Rosyada
 
PDF
Roll of scm in a hotel
Gagan Pradeep
 
PPTX
Supply chain management
Bhabesh Gautam
 
PPTX
Supply Chain Management (Hospital POV)
Srishti Bhardwaj
 
Supply Chain Management
Ron Calonica
 
Strategic supply chain management
Bhavi Bhatia
 
Recent development in the field of scm
Sibitha Sivan
 
Scm ppt
abhishek_02
 
Creating competitive advantages through supply chain final
Kurnia Rosyada
 
Roll of scm in a hotel
Gagan Pradeep
 
Supply chain management
Bhabesh Gautam
 
Supply Chain Management (Hospital POV)
Srishti Bhardwaj
 

What's hot (20)

PPTX
PPT -Lean Supply Chain Presentation
Ike. M Nwamuo, MSQA
 
DOCX
Trial exam questions+answers logistics and supply chain management 2
Khaoula Marai
 
DOCX
Strategic supply chain management and logistics
Bhavi Bhatia
 
PPT
Supply chain managements
Sarwat Shabbir
 
DOC
Seminar Report on Supply Chain Management
Ankur Mehta
 
PDF
Logistics and supply chain management in the hotel industry impa
hoannguyen
 
PPTX
Supply chain management
Mohammed Kurmot
 
DOC
Chapter 1
Jomel Penalba
 
PPT
Demand chain management
Narendra Chaudhary
 
PDF
Trends in Supply Chain Management - Presentation by GRA Supply Chain Consultants
Rebecca Manjra
 
PPTX
MIS 14 Supply Chain Management
Tushar B Kute
 
PPSX
Supply chain management practice by Spining Industry.
Monir Uz Zaman
 
PPT
Srm Presentation
Muhammed Akgun
 
PDF
Emerging trends in supply chain management
eSAT Publishing House
 
PDF
Supply Chain Management & new trends
Seyed Hamid Hashemi Petrudi
 
DOCX
Supply chain in Pakistan
Muneeb Ahmed
 
PPTX
Introduction to supply chain management (scm)
Catherine Royer-Hoyez
 
PPTX
Supply Chain Management_Presentation
A. K. M. Nayeemul Hassan
 
PPTX
IT in supply chains
iskandaruz
 
PPT
SCM & CRM & ERP
Ranak Ghosh
 
PPT -Lean Supply Chain Presentation
Ike. M Nwamuo, MSQA
 
Trial exam questions+answers logistics and supply chain management 2
Khaoula Marai
 
Strategic supply chain management and logistics
Bhavi Bhatia
 
Supply chain managements
Sarwat Shabbir
 
Seminar Report on Supply Chain Management
Ankur Mehta
 
Logistics and supply chain management in the hotel industry impa
hoannguyen
 
Supply chain management
Mohammed Kurmot
 
Chapter 1
Jomel Penalba
 
Demand chain management
Narendra Chaudhary
 
Trends in Supply Chain Management - Presentation by GRA Supply Chain Consultants
Rebecca Manjra
 
MIS 14 Supply Chain Management
Tushar B Kute
 
Supply chain management practice by Spining Industry.
Monir Uz Zaman
 
Srm Presentation
Muhammed Akgun
 
Emerging trends in supply chain management
eSAT Publishing House
 
Supply Chain Management & new trends
Seyed Hamid Hashemi Petrudi
 
Supply chain in Pakistan
Muneeb Ahmed
 
Introduction to supply chain management (scm)
Catherine Royer-Hoyez
 
Supply Chain Management_Presentation
A. K. M. Nayeemul Hassan
 
IT in supply chains
iskandaruz
 
SCM & CRM & ERP
Ranak Ghosh
 
Ad

Similar to Ppt cscrm (1) (20)

PDF
SupplyChainRiskAreas
Jeremy Castle
 
PDF
Supply Chain Risk Management corrected - Whitepaper
NIIT Technologies
 
PPTX
ORX Cyber Risk Presentation March 2019
Amy Lauder
 
PPTX
Supply Chain Mgmt Risks
Norsamita Shamsuddin
 
PDF
Effective Solutions for Your Supply Chain Risks
Halo BI
 
PPTX
Assuring the Security of the Supply Chain - Designing best practices for cybe...
Ollie Whitehouse
 
PPTX
SCL Event - Louis Ferretti - IBM - Project Executive, Product Environmental ...
Global Business Intel
 
PDF
Supply Chain optimization & risks factors
Alok Anand
 
PDF
Managed Detection and Response (MDR) Whitepaper
Marc St-Pierre
 
PDF
Cloud Cybersecurity: Strategies for Managing Vendor Risk
Health Catalyst
 
PDF
Supply chain predictability - English.pdf
Karthikeyan Muthukrishnan
 
PDF
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
Symantec
 
PDF
The State of Cybersecurity and Digital Trust 2016
Accenture Operations
 
PDF
FMEA - Achieve Operational Excellence.pdf
Hamza Arif
 
DOCX
Mitigating the Risk of Counterfeit ICT in the DoD Supply Chain
Kyrl Erickson
 
PPTX
securitycompliancelosspreventionpart12-240312193909-24af223f (2).pptx
Sheldon Byron
 
PPTX
CPO Event - Louis Ferretti, What Every Procurement Professional Should Know ...
Global Business Intel
 
DOCX
5 Pain Points in Supply Chains and How Logistics Management Software Solves T...
mlfacialrecognitions
 
PPTX
Overcoming Hidden Risks in a Shared Security Model
OnRamp
 
PPTX
Preventing and Managing Supply Chain Disruptions
Thomas Tanel
 
SupplyChainRiskAreas
Jeremy Castle
 
Supply Chain Risk Management corrected - Whitepaper
NIIT Technologies
 
ORX Cyber Risk Presentation March 2019
Amy Lauder
 
Supply Chain Mgmt Risks
Norsamita Shamsuddin
 
Effective Solutions for Your Supply Chain Risks
Halo BI
 
Assuring the Security of the Supply Chain - Designing best practices for cybe...
Ollie Whitehouse
 
SCL Event - Louis Ferretti - IBM - Project Executive, Product Environmental ...
Global Business Intel
 
Supply Chain optimization & risks factors
Alok Anand
 
Managed Detection and Response (MDR) Whitepaper
Marc St-Pierre
 
Cloud Cybersecurity: Strategies for Managing Vendor Risk
Health Catalyst
 
Supply chain predictability - English.pdf
Karthikeyan Muthukrishnan
 
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
Symantec
 
The State of Cybersecurity and Digital Trust 2016
Accenture Operations
 
FMEA - Achieve Operational Excellence.pdf
Hamza Arif
 
Mitigating the Risk of Counterfeit ICT in the DoD Supply Chain
Kyrl Erickson
 
securitycompliancelosspreventionpart12-240312193909-24af223f (2).pptx
Sheldon Byron
 
CPO Event - Louis Ferretti, What Every Procurement Professional Should Know ...
Global Business Intel
 
5 Pain Points in Supply Chains and How Logistics Management Software Solves T...
mlfacialrecognitions
 
Overcoming Hidden Risks in a Shared Security Model
OnRamp
 
Preventing and Managing Supply Chain Disruptions
Thomas Tanel
 
Ad

Recently uploaded (20)

PPTX
TRAINNING, DEVELOPMENT AND APPRAISAL.pptx
sy2773667
 
PDF
Robin Fischer: A Visionary Leader Making a Difference in Healthcare, One Day ...
The lifescience magaizne
 
PDF
Family Law: The Role of Communication in Mediation (www.kiu.ac.ug)
publication11
 
PPTX
chapter 2 entrepreneurship full lecture ppt
annejo20
 
PPTX
Board-Reporting-Package-by-Umbrex-5-23-23.pptx
Pars Six Sigma Excellence
 
PDF
NEW - FEES STRUCTURES (01-july-2024).pdf
priyansubarmanwork
 
PDF
Keppel_Proposed Divestment of M1 Limited
KeppelCorporation
 
PDF
Tortilla Mexican Grill 发射点犯得上发射点发生发射点犯得上发生
ssun243
 
PPTX
Astra-Investor- business Presentation (1).pptx
diksha27bhardwaj
 
PPTX
BUSINESS CYCLE_INFLATION AND UNEMPLOYMENT.pptx
TasmiaThalil
 
PDF
Solaris Resources Presentation - Corporate August 2025.pdf
pchambers2
 
PDF
533158074-Saudi-Arabia-Companies-List-Contact.pdf
Shaik Abubakr Siddiqui
 
PPTX
CTG - Business Update 2Q2025 & 6M2025.pptx
HcTrSoros
 
PDF
Introduction to Generative Engine Optimization (GEO)
seoplus+
 
PPTX
svnfcksanfskjcsnvvjknsnvsdscnsncxasxa saccacxsax
ergvedfvef sdvsfvdvd
 
DOCX
FINALS-BSHhchcuvivicucucucucM-Centro.docx
RosemarieMacapagal1
 
PDF
#1 Safe and Secure Verified Cash App Accounts for Purchase.pdf
Buy Verified Cash App Accounts
 
PDF
TyAnn Osborn: A Visionary Leader Shaping Corporate Workforce Dynamics
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
PDF
ANALYZING THE OPPORTUNITIES OF DIGITAL MARKETING IN BANGLADESH TO PROVIDE AN ...
IJMIT JOURNAL
 
PPTX
basic introduction to research chapter 1.pptx
sangeethanagaraj8
 
TRAINNING, DEVELOPMENT AND APPRAISAL.pptx
sy2773667
 
Robin Fischer: A Visionary Leader Making a Difference in Healthcare, One Day ...
The lifescience magaizne
 
Family Law: The Role of Communication in Mediation (www.kiu.ac.ug)
publication11
 
chapter 2 entrepreneurship full lecture ppt
annejo20
 
Board-Reporting-Package-by-Umbrex-5-23-23.pptx
Pars Six Sigma Excellence
 
NEW - FEES STRUCTURES (01-july-2024).pdf
priyansubarmanwork
 
Keppel_Proposed Divestment of M1 Limited
KeppelCorporation
 
Tortilla Mexican Grill 发射点犯得上发射点发生发射点犯得上发生
ssun243
 
Astra-Investor- business Presentation (1).pptx
diksha27bhardwaj
 
BUSINESS CYCLE_INFLATION AND UNEMPLOYMENT.pptx
TasmiaThalil
 
Solaris Resources Presentation - Corporate August 2025.pdf
pchambers2
 
533158074-Saudi-Arabia-Companies-List-Contact.pdf
Shaik Abubakr Siddiqui
 
CTG - Business Update 2Q2025 & 6M2025.pptx
HcTrSoros
 
Introduction to Generative Engine Optimization (GEO)
seoplus+
 
svnfcksanfskjcsnvvjknsnvsdscnsncxasxa saccacxsax
ergvedfvef sdvsfvdvd
 
FINALS-BSHhchcuvivicucucucucM-Centro.docx
RosemarieMacapagal1
 
#1 Safe and Secure Verified Cash App Accounts for Purchase.pdf
Buy Verified Cash App Accounts
 
TyAnn Osborn: A Visionary Leader Shaping Corporate Workforce Dynamics
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
ANALYZING THE OPPORTUNITIES OF DIGITAL MARKETING IN BANGLADESH TO PROVIDE AN ...
IJMIT JOURNAL
 
basic introduction to research chapter 1.pptx
sangeethanagaraj8
 

Ppt cscrm (1)

  • 1. WHO CARES? SUPPLY CHAIN MANAGERS’ PERCEPTIONS REGARDING CYBER SUPPLY CHAIN RISK MANAGEMENT IN THE DIGITAL TRANSFORMATION ERA 109578401 HOANG TO NHU 109578403 DO THI TRANG 109678402 NGUYEN THI HONG NHUNG
  • 2. Perceptions of supply chain managers for cyber supply chain risk management (CSCRM) How can organizations deploy a CSCRM strategy? ABSTRACT
  • 3. Digital transformation Cyber supply chain Cyber security 1. INTRODUCTION
  • 5. CYBER SECURITY CYBER RISKS COMPANIES CSCRM in a supply chain are seen as the top threats tend to adopt security measures to protect themselves is necessary for a better level of resilience through the cyber supply chain ORGANIZATIONS LITERATURE involved in a supply chain do not make the same decisions gives technical aspects rather than organization aspects across the supply chain as top threats
  • 6. THIS RESEARCH helps organizations to understand how they can deploy a cyber security strategy RQ1. How relevant are the elements of CSCRM perceived by companies in a supply chain? RQ2. How aligned are the perceptions about CSCRM of companies in a supply chain?
  • 7. Manufacturers Logistics Providers Retailers Survey of the perceptions of supply chain managers regarding 3 main stages: Section 2: Overview of the literature of CSCRM Section 3: Research methodology Section 4: Investigation results Section 5: Findings of the analysis Section 6: Conclusion
  • 8. 2. THEORETICAL BACKGROUND Cyber supply chain risk management (CSCRM)
  • 9. CSCRM PURPOSE is to extend control on cyber risks which enables a continuously adaptive capacity. Supply chain resilience relates to a fit between riskiness and related level of preparedness to manage the risks. Humans are limited to make objective estimations.
  • 10. INDIVIDUALS seem to rely on their perception of risks on their own confidence and belief. Decisions are subjective for what might happen and how they think it might affect. Different approaches by different people make different effects.
  • 11. Cyber risks Sources of risks Responsibility and ownership of the CSCRM Information exchanged Countermeasures to manage cyber risks. CSCRM process includes
  • 12. Initiatives and countermeasures to manage cyber risks Sources of cyber risks Cyber risks in supply chain Responsibility of CSCRM process 34% 25% 34% 2% ELEMENTS OF CSCRM PROCESS Information exchanged in the supply chain 5%
  • 13. 2.1 CYBER RISKS in supply chain • Type 1 includes incidents of phishing and theft or data manipulation. • Type 2 covers cyberstalking and harassment, stock market manipulation, blackmailing and corporate espionage.
  • 14. BACKBONE RISKS • ERP system malfunction • Crash of company’s website • Lack of network connectivity • Malware • Data breach • Damage of records • Theft of credentials
  • 15. 2.2 SOURCES of cyber risks INTERNAL EXTERNAL MALICIOUS NON-INTENTIONAL Suppliers/contractors Current employees Former employees Suppliers/ contractors Customers Competitors Hackers/ Hacktivists Current employees Former employees Technical problems Customers Natural disasters Technical problems Colicchia (2019)
  • 16. 2.2 SOURCES of cyber risks • Employees • Physical objects • Technical assets Ghade (2020)
  • 17. 2.3 RESPONSIBILITY AND OWNERSHIP of CSCRM process • Entire company should engage in the CSCRM process with strong commitment. • Cyber security should be a department in the company.
  • 18. 2.4 INFORMATION EXCHANGED in the supply chain Inventory Sales data Invoices Discounts Order status Production plan Performance Master data
  • 19. 2.5 INITIATIVES AND COUNTERMEASURES to manage cyber risks Pre-attack Actions at the technical level and those directed at or carried out by human factors Trans-attack Data consistency checks and task forces Post-attack Forensics, incident documentation, insurance and recovery and backup procedures Companies seem to respond with pre-attacker phase rather than the others. However, all phases should have a varied set of actions to cover different attacks and different risk environments.
  • 21. 3.1 SAMPLE Focus on a specific sector, specifically the FMCG industry in Italy The Italian FMCG industry is placed among the top four markets in Europe for logistics flows and generated turnover, and it is one of the fastest-growing sectors across Europe, after Spain in 2016 The Italian FMCG supply chain has gone through a deep transformation, leading to the adoption of the principles of efficient consumer response (ECR) and IT technologies
  • 22. 3.1 SAMPLE AND DATABASE The questionnaire was distributed to 524 companies, with the following representation: 321 manufacturers, 134 logistics service providers and 69 retailers. Managers in charge of supply chain management or logistics are chosen as potential respondents for this survey (with minimum 5 years experience) 112 full questionnaires returned.
  • 23. 3.1 DESIGN The resulting questionnaire consisted of six different sections The questions were measured by five-point Likert scales, ranging from “very relevant” to “not relevant”, from “low impact” to “very high impact” (according to the assessment scale presented by Hallikas et al., 2004) or from “very low probability” to “very high probability” (according to the assessment scale presented by Hallikas et al., 2004) Use ANOVA with F statistics value with a significance level of 5% to analyse the results.
  • 24. 4. RESULTS 4.3. Perception of the sources of risk 4.2. Perception of the risk events 4.1. Profile of the respondents’ sample 4.4. Involvement of the organization’s departments in cyber and information risk management 4.5. Perception of the criticality of the information shared across the supply chain 4.6. Perception of the countermeasures and actions for mitigating cyber risks
  • 25. 4.1 PROFILE of the respondents’ sample 64 manufacturers 31 logistics service providers 17 retailers
  • 26. 4.2 PERCEPTION of the risk events the whole FMCG supply chain has experienced the same risk events an almost unanimous consensus around the two events considered to be the most dangerous ones Malware has been judged to be a high risk, especially by retailers
  • 27. 4.3 PERCEPTION of the risk events The Bubble diagram reports the mean values of the three variables for each assessed risk event: impact (vertical axis), probability (horizontal axis) and occurrence (bubble diameter, i.e. the larger the bubble diameter, the more recently the risk event has occurred) Show the occurrence affects the perception of the level of riskness of the evaluated events, especially in terms of impact
  • 28. 4.4.PERCEPTION of the sources of risk Retailers have a generally weaker perception of the sources of cyber and information risks in their supply chain Hackers are seen as the most dangerous source of risk, ranking first in all groups of respondents The “human factor” and the “enemy within” are common threats to all categories of organizations in the FMCG supply chain Logistics Service Providers seem to perceive technical reasons as one of the main causes of risks for their business continuity
  • 29. 4.4 INVOLVEMENT of the organization’s department in cyber and information risk management Most involved
  • 30. 4.5 PERCEPTION of the criticality of the information shared across the supply chain Manufacturer on the master data and invoicing side along with data about their sales Retailers on the discounts and promotional data along with inventory Logistics Service Providers on transport data
  • 31. 4.6 PERCEPTION of the countermeasures andactions for mitigating cyber risks Level of perception regarding the initiatives and countermeasures for managing cyber risks IT technical side is still dominant in every stage of the FMCG supply chain No unanimous consensus regarding some technical measures
  • 32. The perceptions of risk events 5.1 The sources of risk 5.2 The ownership of the CSCRM process 5.3 5.4 The countermeasures to mitigating cyber risks 5. DISCUSSION
  • 33. 5.1. THE PERCEPTION of risk events Logistics Service Providers have a broader perception of the risk events compared to Manufacturers and Retailers
  • 34. • Those risks with higher occurrence are perceived more vividly compared to other risk with lower values of occurrence • Little awareness leads to underestimating the importance of risk events (and the other way around) 5.1. THE PERCEPTION of risk events
  • 35. 5.2. THE SOURCE of risk • The so-called “human factor” is seen as one of the predominant threats to cyber security in supply chains and this is in line with previous literature (Ghadge et al., 2020). • Logistics Service Providers are more concerned about technical problems that could undermine the continuity of their business operations
  • 36. 5.3. THE OWNERSHIP of the CRM process • The medium-high scores assigned to the majority of the business departments • The human resources department is at the bottom of the list and this shows a contradiction in terms of approach to the “human factor” in the CSCRM process
  • 37. 5.4.THE COUNTERMEASURE to mitigating cyber risks Table 9 reports an overall high level of relevance assigned to the set of initiatives but a medium level of alignment of the respondents’ perceptions related to them.
  • 38. Overall, a certain level of alignment of the perception about the elements composing the CSCRM process among the various actors of the FMCG supply chain exists. In this case, it appears that Manufacturers and Retailers are more focused on their domain rather than on the supply chain. On the contrary, it seems that Logistics Service Providers can overcome this limitation and have a broader perception of the risks, sources of risks and criticality of information and data exchanged that span across the different stages of the supply chain. DISCUSSION
  • 39. 6 .1. Theoretical implications This study provides the scientific community with a vertical analysis of a supply chain, something that extends the existing theory on CSCRM It also contributes to extending the current theory with the proposal of a paradigm that highlights the role of Logistics Service Providers as “orchestrators” of the CSCRM process. 6. CONCLUSIONS
  • 40. 6 .2. Practical implications This study provides the industrial community with thought-provoking insights on the misalignment between the perceived relevance of the human factor as a source of risk (high) and the perceived importance of countermeasures to mitigate the risk events stemming from that source (low) This study could help organizations devise procedures and policies to report incidents and create common and shared knowledge about risks that could help them assess the level of risk in their supply chains more closely
  • 41. 01. 解決甚麼問題 ? 02. 為什麼這個問題很重要 ? 03. 提出的論點或假說是甚麼 ? 6 .2. Practical implications
  • 42. 04. 如何證明他們論點與假說為真 ? 05. 實證研究與結果 06. 學術貢獻與實務貢獻