Cyber resilience in organisations and supply chains: from perceptions to actions

Purpose – This empirical study investigates the direct and indirect effects on managers’ perceptions of cyber risks, the implementation of cyber resilience strategies and the perceived effectiveness of these strategies for supply chains. Cyber risks pose significant threats to organisations and supply chains. Yet they remain insufficiently addressed and managed. Design/methodology/approach – Primary data were collected from a sample of Italian organisations using a survey. The structural equation modelling methodology was employed to empirically investigate cyber resilience strategies in supply chains. Findings – Results indicate that effective cyber resilience is linked to awareness of the negative impacts of cyber risks, particularly supply chain disruptions. This awareness leads to the adoption of various cyber resilience strategies. According to managers’ perceptions, several strategies are identified in the study as the most effective in enhancing the cyber resilience supply chains. The findings offer insights for managers regarding the relationship between cyber risk perceptions, supply chain cyber resilience strategies and their effectiveness. These relationships are studied using the theory of perceived risk and the dynamic capabilities theory. Originality/value – This study advances knowledge for academics and practitioners in the fields of supply chain resilience and supply chain risk management. It contributes to the development of a risk-based thinking model in organisations and supply chains by drawing upon a dual theoretical perspective.