Integrated model to optimize supplier selection and investments for cyber resilience in digital supply chains

Abstract

Digitalization has revolutionized the supply chain networks but also introduces vulnerabilities to the cyber threats. Notably, in past two years, the cyber-attacks on different organizations worldwide have increased at an alarming rate resulting in significant financial loss to supply chains, intellectual property breaches and supply disruptions. As a result, companies are making significant investments in their cybersecurity. However, many incidents were reported where threat actors attacked a company using the shared digital systems with its suppliers. Therefore, it is important that suppliers are selected based on their cyber resilience. This paper identifies the cyber resilience criteria and proposed a multi criteria decision making based framework to evaluate the cyber resilience of a supply chain partner. It has been also realized that investment in organizational cybersecurity alone is not sufficient to protect supply chains. Companies are now investing in increasing their supply chain cyber capabilities. In this direction, paper also proposes a mixed integer linear program (MILP) to jointly optimize supplier selection and cyber investment decisions in a supply chain based on the supplier's current cyber resilience and potential return on the cyber investments made in selected suppliers. Computational experiments are conducted to study the tradeoffs and impact of sourcing strategy, supplier capacity, cyber security investment decisions on supply chain cyber resilience. The findings underscore that an integrated decision making of supplier selection and cyber investments maximizes the supply chain cyber resilience.