1.3 Research GapAcademic supply chain managementliterature is criticized for failing to move beyond theory to offer managementguidance on the implementation and operationalization of the concept of supplychain resilience (Scholtenet al.
, 2015). Studies in relation to theinvolvement of the diverse stakeholders such as beneficiaries, the public,media, military and governments for building resilience is deemed to be ofvalue (Scholtenet al., 2015). While there were few studieson the topic of resilience to date, the research picture is incomplete andrequire more positive research in order to understand fully the complexity ofsupply chain risk management before practicable managerial guidelines andframeworks can be developed (Taylor,Jüttner, Peck, & Christopher, 2010). The globalized business natureof today requires supply chain information integration, both inside and outsidethe organizational boundary, for responsive managerial decisions (Wong,Lai, & Bernroider, 2015).
While performancecontingencies of supply chain integration has been discussed in the supplychain management literature, little is known about how the contextualconditions which affect the information integration across supply chainpartners (Wonget al., 2015). In addition, although academicresearch to date has examined diverse set of issues related to supply chainsecurity management, most published articles are conceptual, prescriptive, oranecdotal in nature. That is, the proposed or suggested practices for managingsupply chain security have not been validated because empirical research onmanaging supply chain security is lacking (Martens,Crum, & Poist, 2011) Although researches on cybersupply chain risk management as a topic on its own is new in supply chainmanagement perspective, but it is noted that scholars have discussed on therisk it possesses, the devastating impact to supply chain performance andresilience under various keywords such as ‘risk management’, ‘supply chain riskmanagement’, ‘enterprise-wide risk management’ ‘supply chain resilience’, toname a few. However, the development of methods, risk parameters, standards andprocesses to address cybersecurity assurance in supply chains is a relativelylow given the infancy stage of the discipline (Bartol,2014; Boyson, 2014; Lewis, Louvieris, Abbott, Clewley, & Jones, 2014). Consequently, the capabilityor maturity level of an organization has never been widely investigated in thepast, but according to Boyson (2014) it is a necessity to measure the degree towhich a specific practice or a combination of practices can lead to improvedmetrics of performance. An organization’s riskmanagement practices are dependent upon the firm and industrial factors,internal factors, and external factors.
Yet, the current theoretical frameworkhas ignored the influence of firm and industrial factors, and internal factorson the implementation of risk management practices such as potential benefits,emergence of new business trends, increased occurrence of risk events, and theawareness of company vulnerabilities which seemed to be overlooked in thepresent literature (Hudin& Hamid, 2014). From the policy makers’ point of views, thetrend of the risk management implementation could provide valuable insightsabout the implications of the policies that had been established. Therefore, itis crucial to explore the implementation of risk management practices andunderstand the drivers that lead to the way companies implement their riskmanagement practices (Hudin& Hamid, 2014). To mitigate the negative impactsof supply chain risks, various strategies are implemented by the organizationbut these strategies appear focused on internal practices with scant insightson the integration between the focal firm and its supply chain partners (Zhu,Krikke, & Caniëls, 2017).
Scholars are calling for integratedenvironmental risk management where managers are suggested to collaborate withall supply chain partners (i.e. extended integration) and evaluate the outcomesfrom whole supply chain perspective (Zhuet al., 2017). It is imperative for the topmanagement to proactively manage supply chain vulnerabilities given theglobalization and vertical integration of business processes (Rajesh,Ravi, & Venkata Rao, 2014). Supply chain visibility isdeemed as an important antecedent to risk reduction, not only because itspresence helps organizations proactively track products and identify potentialdisruptions, but also because its absence can create new risk (Brandon-Jones,Squire, Autry, & Petersen, 2014). Barratt and Oke (2007) suggestthat the relationship between information sharing and performance is mediatedby visibility and that operational performance can be enhanced throughincreased visibility. However empirical evidence is broadly absent to affirmthe claim.
To draw more insights into risk management practices, scholars areproposing comprehensive statistical analysis incorporating structural equationmodelling can be useful to determine the major factors and enablers of supplychain risk management (Lavastre,Gunasekaran, & Spalanzani, 2014) Businesses are adopting cybersupply chain to reap the efficiency and effectiveness that it has to offer.But, those benefit comes with risk that pose a crippling effect on the supplychain, as a reflection of the increasing global and open nature of bothphysical trade as well as the production, distribution and deployment ofInformation Communications Technology (ICT) systems. In spite of that, cybersupply chain risk management is still new among scholars as it is an emergingdiscipline, thus academic research and publications in this area are rathersparse therefore offering much room for research and the development ofunderstanding of the challenges, solutions and theory underlying both of these (Lintonet al., 2014).
1.4 Problem StatementA cybersecurity breach in amanufacturing industry has detrimental effect not only on the organization andits stakeholders but possibly to the nation where it operates. Recent globalupward trend in security breaches, particularly targeting manufacturingindustry has put the security of cyber supply chains at stake. While the fieldpractitioners are losing millions as a result of cybersecurity compromise andin its mitigation efforts (as discussed earlier), the urgency on this topic isseen lagging in the academic world with CSCRM being regarded still as an’emerging discipline’.
Much groundwork is needed to be done in defining CSCRM,identifying its drivers, practices and factors that contributes to the cybersupply chain resilience. In addition, the current maturity and capability ofthe supply chains in manufacturing industry in Malaysia should be measured to:a) allow policy makers to evaluate the baseline security capabilities of thepractitioners and to devise appropriate strategy to make them more resilientand b) for practitioners so that they can devise strategy to transition from apassive cyber supply chain risk management phase to a more mature, proactive,flexible, and adaptive phase (Boyson,2014). As Malaysia is largelydependent on its manufacturing activities for economic gains, this study isimperative to be held within Malaysian context. The common theme of this study’sliterature gap is attributed to the fact that CSCRM is relatively newdiscipline with limited studies especially one that is done with empiricalanalysis. While the risks associated with supply chain is not new and has beenresearched over the past decade (Ghadge,Dani, & Kalawsky, 2012), specific association to theCSCRM context is limited.
While scholars have identified various types of risks(Rajeshet al., 2014; Rangel, de Oliveira, & Leite, 2014), drivers (Hudin& Hamid, 2014; Manab, Kassim, & Hussin., 2010), mitigation strategies (Chang,Ellinger, Blackhurst, & Chang, 2015; Park et al., 2016), impact on supply chainperformance (Parket al., 2016; Sukati, Hamid, Baharun, & Yusoff, 2012), resilience (Kamalahmadi& Mellat, 2016; Scholten et al., 2015) and risk assessment models (Ali,Warren, & Mathiassen, 2017; Kenyon & Neureuther, 2012), it is not focused on cybersupply chain risk management context per se.
There is no framework or model forcyber supply chain risk management found in the literature at the point whenthis study is undertaken.
