Subject: Information System Science
Title: Sharing is Caring: Trust, Information Sharing, and Intelligence for Digital Supply Chain Cyber Threats
Abstract:
The digital age has introduced new forms of supply chains, namely digital supply chains. These chains are characterised by intertwined organisations using cloud services and software ecosystems that introduce new forms of cyber risks, threats and uncertainties regarding security objectives. Due to the distance of these services and the underlying structures underneath, organisations may depend more on cyber threat intelligence, inter-organisational information sharing between industry-peers and trust in information quality to improve awareness of cyber threats affecting their external digital dependencies. However, empirical evidence on how these factors jointly contribute to digital supply chain cyber threat awareness remains limited.
As such, this preliminary study investigates how cyber threat intelligence capability, inter-organisational cyber threat information sharing and information quality trust are associated with digital supply chain cyber threat awareness. It further explores whether differences exist between public and private organisations in terms of these constructs. The study is guided by Information Processing Theory, which conceptualises how organisations reduce uncertainty by acquiring and processing relevant (external) information.
A quantitative survey design was employed resulting in 31 usable responses (n = 31) from information security professionals, including CISOs, information security managers and -officers, amongst others. The data were analysed using reliability analysis (Cronbach’s alpha), descriptive statistics, and Spearman correlation analysis. In addition, exploratory group comparison between public and private organisations were conducted using MANOVA, ANOVA and non-parametric Wilcoxon rank-sum tests.
The results suggest that cyber threat intelligence, inter-organisational cyber threat information sharing, and information quality trust are all positively associated with digital supply chain cyber threat awareness. The strongest associations were found for cyber threat intelligence capability and information quality trust, while information sharing showed weaker but still statistically significant relationship. Exploratory analysis suggests that public organisations reported higher levels of information sharing compared to private organisations, although overall awareness was reported comparable across. Due to the limited sample size, the findings should be interpreted as preliminary and exploratory, providing a foundation for future research in relation to the field of cyber supply chain risk management. The discussion was enhanced by an expert consultation session.
Keywords: Digital Supply Chains, Cyber Supply Chain Risk Management, Cyber Threat Information Sharing, Threat Intelligence Capability, Cyber Threat Awareness and Information Quality Trust.
