1.3 Research Gap

Academic supply chain management literature is criticized for failing to move
beyond theory to offer management guidance on the implementation and
operationalization of the concept of supply chain resilience (Scholten et al.,
2015). Studies of the involvement of diverse stakeholders such as
beneficiaries, the public, media, military and governments in building
resilience are deemed to be of value (Scholten et al., 2015). While there have
been few studies on the topic of resilience to date, the research picture is
incomplete and requires more positive research in order to understand fully the
complexity of supply chain risk management before practicable managerial
guidelines and frameworks can be developed (Taylor, Jüttner, Peck, &
Christopher, 2010).


The globalized nature of business today requires supply chain information
integration, both inside and outside the organizational boundary, for
responsive managerial decisions (Wong, Lai, & Bernroider, 2015). While the
performance contingencies of supply chain integration have been discussed in
the supply chain management literature, little is known about how contextual
conditions affect information integration across supply chain partners (Wong
et al., 2015). In addition, although academic research to date has examined a
diverse set of issues related to supply chain security management, most
published articles are conceptual, prescriptive, or anecdotal in nature. That
is, the proposed or suggested practices for managing supply chain security have
not been validated because empirical research on managing supply chain security
is lacking (Martens, Crum, & Poist, 2011).


Although research on cyber supply chain risk management as a topic on its own
is new from a supply chain management perspective, scholars have discussed the
risk it poses and its devastating impact on supply chain performance and
resilience under various keywords such as ‘risk management’, ‘supply chain risk
management’, ‘enterprise-wide risk management’ and ‘supply chain resilience’,
to name a few. However, the development of methods, risk parameters, standards
and processes to address cybersecurity assurance in supply chains is relatively
low given the infancy stage of the discipline (Bartol, 2014; Boyson, 2014;
Lewis, Louvieris, Abbott, Clewley, & Jones, 2014). Consequently, the capability
or maturity level of an organization has never been widely investigated in the
past, but according to Boyson (2014) it is a necessity to measure the degree to
which a specific practice or a combination of practices can lead to improved
metrics of performance.


An organization’s risk management practices are dependent upon firm and
industrial factors, internal factors, and external factors. Yet the current
theoretical framework has ignored the influence of firm and industrial factors
and internal factors on the implementation of risk management practices, such
as potential benefits, emergence of new business trends, increased occurrence
of risk events, and the awareness of company vulnerabilities, which seem to be
overlooked in the present literature (Hudin & Hamid, 2014). From the policy
makers’ point of view, the trend of risk management implementation could
provide valuable insights about the implications of the policies that have been
established. Therefore, it is crucial to explore the implementation of risk
management practices and understand the drivers that lead to the way companies
implement their risk management practices (Hudin & Hamid, 2014).


To mitigate the negative impacts of supply chain risks, various strategies are
implemented by organizations, but these strategies appear focused on internal
practices with scant insight into the integration between the focal firm and
its supply chain partners (Zhu, Krikke, & Caniëls, 2017). Scholars are calling
for integrated environmental risk management in which managers are advised to
collaborate with all supply chain partners (i.e. extended integration) and
evaluate the outcomes from a whole supply chain perspective (Zhu et al., 2017).
It is imperative for top management to proactively manage supply chain
vulnerabilities given the globalization and vertical integration of business
processes (Rajesh, Ravi, & Venkata Rao, 2014).


Supply chain visibility is deemed an important antecedent to risk reduction,
not only because its presence helps organizations proactively track products
and identify potential disruptions, but also because its absence can create new
risk (Brandon-Jones, Squire, Autry, & Petersen, 2014). Barratt and Oke (2007)
suggest that the relationship between information sharing and performance is
mediated by visibility and that operational performance can be enhanced through
increased visibility. However, empirical evidence is broadly absent to affirm
the claim. To draw more insights into risk management practices, scholars
propose that comprehensive statistical analysis incorporating structural
equation modelling can be useful to determine the major factors and enablers of
supply chain risk management (Lavastre, Gunasekaran, & Spalanzani, 2014).


Businesses are adopting cyber supply chains to reap the efficiency and
effectiveness that they have to offer. But those benefits come with risks that
can have a crippling effect on the supply chain, as a reflection of the
increasingly global and open nature of both physical trade and the production,
distribution and deployment of Information Communications Technology (ICT)
systems. In spite of that, cyber supply chain risk management is still new
among scholars as it is an emerging discipline; thus academic research and
publications in this area are rather sparse, offering much room for research
and the development of understanding of the challenges, solutions and theory
underlying both of these (Linton et al., 2014).


1.4 Problem Statement

A cybersecurity breach in the manufacturing industry has a detrimental effect
not only on the organization and its stakeholders but possibly on the nation
where it operates. The recent global upward trend in security breaches,
particularly those targeting the manufacturing industry, has put the security
of cyber supply chains at stake. While field practitioners are losing millions
as a result of cybersecurity compromise and in its mitigation efforts (as
discussed earlier), urgency on this topic is seen to be lagging in the academic
world, with CSCRM still being regarded as an ‘emerging discipline’. Much
groundwork needs to be done in defining CSCRM and identifying its drivers,
practices and the factors that contribute to cyber supply chain resilience. In
addition, the current maturity and capability of the supply chains in the
manufacturing industry in Malaysia should be measured to: a) allow policy
makers to evaluate the baseline security capabilities of the practitioners and
to devise appropriate strategy to make them more resilient, and b) allow
practitioners to devise strategy to transition from a passive cyber supply
chain risk management phase to a more mature, proactive, flexible, and adaptive
phase (Boyson, 2014). As Malaysia is largely dependent on its manufacturing
activities for economic gains, it is imperative that this study be conducted
within the Malaysian context.


The common theme of this study’s literature gap is attributed to the fact that
CSCRM is a relatively new discipline with limited studies, especially ones
based on empirical analysis. While the risks associated with supply chains are
not new and have been researched over the past decade (Ghadge, Dani, &
Kalawsky, 2012), specific association to the CSCRM context is limited. While
scholars have identified various types of risks
et al., 2014; Rangel, de Oliveira, & Leite, 2014), drivers (Hudin & Hamid,
2014; Manab, Kassim, & Hussin, 2010), mitigation strategies (Chang, Ellinger,
Blackhurst, & Chang, 2015; Park et al., 2016), impact on supply chain
performance (Park et al., 2016; Sukati, Hamid, Baharun, & Yusoff, 2012),
resilience (Kamalahmadi & Mellat, 2016; Scholten et al., 2015) and risk
assessment models (Ali, Warren, & Mathiassen, 2017; Kenyon & Neureuther, 2012),
these are not focused on the cyber supply chain risk management context per se.
There is no framework or model for cyber supply chain risk management found in
the literature at the point when this study is undertaken.