Cyber Risk Exposure through Supply Chain Information Network: An Application of Social Network Analysis

Abstract

**Please note that the full text is embargoed until 08/01/2024** In this paper, I study the impact of supply chain information networks on cyber risk exposure. I document that firms that are more central in the supply chain information network have higher cyber risk exposure. The rapid advancement of information and communication technology (ICT) has led to increased interconnectedness within global supply chain networks. While this enhances efficiency and profitability, it also exposes these entities to systematic and contagious risks, as cyber criminals exploit the connectedness to infiltrate multiple firms simultaneously. High-profile cyber-attacks like NotPetya, SolarWinds, and Colonial Pipeline have devastating effects on organizations and pose threats to national security. In response to these attacks, the United States government declared vulnerabilities in the supply chain network as a national emergency in 2022, leading to efforts to reinforce cybersecurity systems. However, limited research exists on supply chain factors that determine firms' exposure to cyber-attacks and cyber risk management policies. This paper contributes to the economics of cybercrime literature by exploring the interconnections of digital infrastructure among firms in the supply chain network and demonstrating the use of network theory and empirical analysis techniques to assess firm risk profiles.