A critical balance: collaboration and security in the IT-enabled supply chain

Integration of information flows facilitated by advances in information technology (IT) has increased collaboration across supply chains. However, benefits of interconnectivity are not gained without risk, as IT has removed protective barriers around assets and processes. Thus, supply chains are better able to satisfy customer needs yet are potentially more vulnerable to disruption due to an array of IT-specific threats. Highly interconnected supply chains would appear to be especially prone to these hazards. Although supply chain risk and information technology risk have been studied in isolation, little has been done to define the impact of information security on supply chain management. This exploratory investigation addresses this deficiency in the literature by defining information security risk in the context of supply chain management. It identifies, categorizes, and validates information technology threats as sources of risk in the supply chain. It then establishes a conceptual framework for further study into supply chain information security risk. Finally, it discusses the implications of information security risk in the supply chain. It is suggested that supply chain risk is affected by IT threats and therefore the benefits of collaboration facilitated by IT integration must exceed the increase in risk due to IT security threats.