Cybersecurity in digital supply chains in the procurement process: introducing the digital supply chain management framework

Abstract

Purpose This paper aims to explore the cybersecurity challenges the electric power industry faces due to its increased reliance on digital supply chains (DSCs), focusing on the procurement phase. Design/methodology/approach This study uses qualitative methods, with 17 semi-structured interviews conducted among industry participants to delve deep into the challenges and potential solutions. The Gioia methodology was applied to analyse the interview data. The ecosystem and procurement theory is used to understand the interconnectedness and vulnerabilities within the electric power industry’s DSC. Findings Three aggregated dimensions were identified: cybersecurity, risk management and supplier tensions. Key findings suggest the importance of precise cybersecurity requirements, continuous monitoring, engagement with all supply chain actors and adaptability to emerging threats. Practical implications This paper presents a framework to systematically address and mitigate cybersecurity risks in the DSC. Combining theoretical foundations with reasonable measures can significantly enhance cybersecurity resilience. By implementing these guidelines, organisations can foster collaboration across the supply chain, maintain regulatory compliance and continually adapt to the evolving threat landscape. Originality/value The paper is based on unique interview data from actors in the electric power industry. It presents a new framework for managing cybersecurity in DSCs, underpinned by the theoretical lenses of ecosystems and procurement.