The relationship between cybersecurity awareness, cybersecurity supply chain risk management and firm performance

Purpose: The purpose of this paper is to enhance comprehension of the mechanisms by which cybersecurity awareness (CSAW) impact the performance of small- and medium-sized manufacturers. This will be accomplished by testing the mediation effect of cybersecurity supply chain risk management (C-SCRM). Design/methodology/approach: The paper is based on a mixed-method approach consisting of a questionnaire survey and qualitative interviews. The questionnaire survey involves 248 individual respondents and was conducted from December 2023 to February 2024 among Danish small- and medium-sized enterprises (SMEs). Based on these insights, nuanced interpretations of the survey results have been explored through four qualitative interviews in Danish production SMEs. Findings: The results reveal that despite a nonsignificant total effect of CSAW on financial performance, there is interestingly a positive indirect effect through C-SCRM. For commercial performance, both the total effect from CSAW and the indirect effect through C-SCRM was insignificant. Research limitations/implications: Data were collected from Danish companies, each having a single respondent. ... mehrFurther research is necessary to analyze these relationships in other countries and with multiple respondents per company. Practical implications: The results indicate that it pays off to prioritize cybersecurity in supply chains, initially through increased awareness and subsequently with investments in C-SCRM practices to improve financial firm performance. Originality/value: To the best of the authors’ knowledge, this paper is the first to empirically investigate C-SCRM based on NIST 2.0 in the context of SMEs.