IDEAS home Printed from https://ideas.repec.org/a/eee/ijoais/v54y2024ics1467089524000289.html
   My bibliography  Save this article

Does cybersecurity maturity level assurance improve cybersecurity risk management in supply chains?

Author

Listed:
  • Song, Ju Myung
  • Wang, Tawei
  • Yen, Ju-Chun
  • Chen, Yu-Hung

Abstract

This study uses analytical models to investigate whether requiring cybersecurity assurance or a particular maturity level for vendors or contractors will help them improve their cybersecurity management. Our findings suggest that, if a supplier decides on its preferred cybersecurity maturity level without knowing what level a contract requires, the supplier is more likely to exert more effort to improve its cybersecurity management. We also show that a buyer can incentivize the supplier to engage in improving cybersecurity risk management by imposing a reduced contractual price or a fine when a breach occurs. Our findings reveal the role played by cybersecurity maturity level assurance and we discuss practical implications.

Suggested Citation

  • Song, Ju Myung & Wang, Tawei & Yen, Ju-Chun & Chen, Yu-Hung, 2024. "Does cybersecurity maturity level assurance improve cybersecurity risk management in supply chains?," International Journal of Accounting Information Systems, Elsevier, vol. 54(C).
    • Handle: RePEc:eee:ijoais:v:54:y:2024:i:c:s1467089524000289
    DOI: 10.1016/j.accinf.2024.100695
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1467089524000289
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.accinf.2024.100695?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Terziovski, Milé & Guerrero, Jose-Luis, 2014. "ISO 9000 quality system certification and its impact on product and process innovation performance," International Journal of Production Economics, Elsevier, vol. 158(C), pages 197-207.
    2. Terziovski, Mile & Power, Damien & Sohal, Amrik S., 2003. "The longitudinal effects of the ISO 9000 certification process on business performance," European Journal of Operational Research, Elsevier, vol. 146(3), pages 580-595, May.
    3. repec:eme:maj000:maj-02-2018-1804 is not listed on IDEAS
    4. Tadeusz Sawik, 2022. "Balancing cybersecurity in a supply chain under direct and indirect cyber risks," International Journal of Production Research, Taylor & Francis Journals, vol. 60(2), pages 766-782, January.
    5. Tadeusz Sawik, 2022. "A linear model for optimal cybersecurity investment in Industry 4.0 supply chains," International Journal of Production Research, Taylor & Francis Journals, vol. 60(4), pages 1368-1385, February.
    6. Sezer Bozkus Kahyaoglu & Kiymet Caliyurt, 2018. "Cyber security assurance process from the internal audit perspective," Managerial Auditing Journal, Emerald Group Publishing Limited, vol. 33(4), pages 360-376, May.
    7. Abhijeet Ghadge & Hendrik Wurtmann & Stefan Seuring, 2020. "Managing climate change risks in global supply chains: a review and research agenda," International Journal of Production Research, Taylor & Francis Journals, vol. 58(1), pages 44-64, January.
    8. Simon, Jay & Omar, Ayman, 2020. "Cybersecurity investments in the supply chain: Coordination and a strategic attacker," European Journal of Operational Research, Elsevier, vol. 282(1), pages 161-171.
    9. Tadeusz Sawik & Bartosz Sawik, 2022. "A rough cut cybersecurity investment using portfolio of security controls with maximum cybersecurity value," International Journal of Production Research, Taylor & Francis Journals, vol. 60(21), pages 6556-6572, November.
    10. Erica L. Plambeck & Terry A. Taylor, 2016. "Supplier Evasion of a Buyer’s Audit: Implications for Motivating Supplier Social and Environmental Responsibility," Manufacturing & Service Operations Management, INFORMS, vol. 18(2), pages 184-197, May.
    11. Heras-Saizarbitoria, Iñaki & Boiral, Olivier, 2019. "Faking ISO 9001 in China: An exploratory study," Business Horizons, Elsevier, vol. 62(1), pages 55-64.
    12. Mohammadali Vosooghidizaji & Atour Taghipour & Béatrice Canel-Depitre, 2020. "Supply chain coordination under information asymmetry: a review," International Journal of Production Research, Taylor & Francis Journals, vol. 58(6), pages 1805-1834, March.
    13. Charles J. Corbett & María J. Montes-Sancho & David A. Kirsch, 2005. "The Financial Impact of ISO 9000 Certification in the United States: An Empirical Analysis," Management Science, INFORMS, vol. 51(7), pages 1046-1059, July.
    14. Subodha Kumar & Rakesh R. Mallipeddi, 2022. "Impact of cybersecurity on operations and supply chain management: Emerging trends and future research directions," Production and Operations Management, Production and Operations Management Society, vol. 31(12), pages 4488-4500, December.
    15. Jason K. Deane & Christopher L. Rees & Wade H. Baker, 2010. "Assessing the information technology security risk in medical supply chains," International Journal of Electronic Marketing and Retailing, Inderscience Enterprises Ltd, vol. 3(2), pages 145-155.
    16. Steven A. Melnyk & Tobias Schoenherr & Cheri Speier-Pero & Chris Peters & Jeff F. Chang & Derek Friday, 2022. "New challenges in supply chain management: cybersecurity across the supply chain," International Journal of Production Research, Taylor & Francis Journals, vol. 60(1), pages 162-183, January.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Kaur, Harpreet & Gupta, Mahima & Singh, Surya Prakash, 2024. "Integrated model to optimize supplier selection and investments for cyber resilience in digital supply chains," International Journal of Production Economics, Elsevier, vol. 275(C).
    2. Bourke, Jane & Roper, Stephen, 2017. "Innovation, quality management and learning: Short-term and longer-term effects," Research Policy, Elsevier, vol. 46(8), pages 1505-1518.
    3. Ullah, Barkat, 2022. "The impact of quality certification on SME innovation and the role of institutions," Research in International Business and Finance, Elsevier, vol. 62(C).
    4. Blind, Knut & Mangelsdorf, Axel & Pohlisch, Jakob, 2018. "The effects of cooperation in accreditation on international trade: Empirical evidence on ISO 9000 certifications," International Journal of Production Economics, Elsevier, vol. 198(C), pages 50-59.
    5. Terziovski, Milé & Guerrero, Jose-Luis, 2014. "ISO 9000 quality system certification and its impact on product and process innovation performance," International Journal of Production Economics, Elsevier, vol. 158(C), pages 197-207.
    6. Jie Wu & Zefu Wu, 2019. "ISO certification and new product success in an emerging market," Asian Business & Management, Palgrave Macmillan, vol. 18(1), pages 51-71, February.
    7. Zhitao Xu & Adel Elomri & Roberto Baldacci & Laoucine Kerbache & Zhenyong Wu, 2024. "Frontiers and trends of supply chain optimization in the age of industry 4.0: an operations research perspective," Annals of Operations Research, Springer, vol. 338(2), pages 1359-1401, July.
    8. Trifković, Neda, 2017. "Spillover Effects of International Standards: Working Conditions in the Vietnamese SMEs," World Development, Elsevier, vol. 97(C), pages 79-101.
    9. Martinez-Costa, Micaela & Martinez-Lorente, Angel R. & Choi, Thomas Y., 2008. "Simultaneous consideration of TQM and ISO 9000 on performance and motivation: An empirical study of Spanish companies," International Journal of Production Economics, Elsevier, vol. 113(1), pages 23-39, May.
    10. Clougherty, Joseph A. & Grajek, Michal & Shy, Oz, 2016. "Taking ‘Some’ of the Mimicry Out of the Adoption Process: Quality-Management and Strategic Substitution," CEPR Discussion Papers 11661, C.E.P.R. Discussion Papers.
    11. Marc-Arthur Diaye & Nathalie Greenan & Sanja Pekovic, 2014. "Sharing the " fame " of ISO standard adoption : quality supply chain effects evidence [Partager la « réputation » de la certification qualité : l’identification d’un effet de chaîne d’app," Post-Print halshs-01362467, HAL.
    12. Lo, Chris K.Y. & Yeung, Andy C.L. & Cheng, T.C.E., 2009. "ISO 9000 and supply chain efficiency: Empirical evidence on inventory and account receivable days," International Journal of Production Economics, Elsevier, vol. 118(2), pages 367-374, April.
    13. Paunov C., 2014. "Democratizing intellectual property systems : how corruption hinders equal opportunities for firms," MERIT Working Papers 2014-077, United Nations University - Maastricht Economic and Social Research Institute on Innovation and Technology (MERIT).
    14. Alcina A. de SENA PORTUGAL DIAS & Inaki Heras SAIZARBITORIA, 2016. "ISO 9001 Performance: A Holistic and Mixed-Method Analysis," REVISTA DE MANAGEMENT COMPARAT INTERNATIONAL/REVIEW OF INTERNATIONAL COMPARATIVE MANAGEMENT, Faculty of Management, Academy of Economic Studies, Bucharest, Romania, vol. 17(2), pages 136-163, May.
    15. Lindlbauer, Ivonne & Schreyögg, Jonas & Winter, Vera, 2016. "Changes in technical efficiency after quality management certification: A DEA approach using difference-in-difference estimation with genetic matching in the hospital industry," European Journal of Operational Research, Elsevier, vol. 250(3), pages 1026-1036.
    16. repec:ehu:cuader:24432 is not listed on IDEAS
    17. Clougherty, Joseph A. & Grajek, Michał, 2023. "Decertification in quality-management standards by incrementally and radically innovative organizations," Research Policy, Elsevier, vol. 52(1).
    18. Castka, Pavel & Prajogo, Daniel & Sohal, Amrik & Yeung, Andy C.L., 2015. "Understanding firms׳ selection of their ISO 9000 third-party certifiers," International Journal of Production Economics, Elsevier, vol. 162(C), pages 125-133.
    19. Hottenrott, Moritz & Thorwarth, Susanne & Wey, Christian, 2016. "Gegenstandsbereiche der Normung," DICE Ordnungspolitische Perspektiven 83, Heinrich Heine University Düsseldorf, Düsseldorf Institute for Competition Economics (DICE).
    20. Xiaoling Wang & Haiying Lin & Olaf Weber, 2016. "Does Adoption of Management Standards Deliver Efficiency Gain in Firms’ Pursuit of Sustainability Performance? An Empirical Investigation of Chinese Manufacturing Firms," Sustainability, MDPI, vol. 8(7), pages 1-18, July.
    21. Joseph A. Clougherty, & Michał Grajek, & Oz Shy, 2016. "Taking ‘some’ of the mimicry out of the adoption process: Quality management and strategic substitution," ESMT Research Working Papers ESMT-16-05, ESMT European School of Management and Technology.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ijoais:v:54:y:2024:i:c:s1467089524000289. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-accounting-information-systems/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.