Cyber supply chain risk management: Toward an understanding of the antecedents to demand for assurance

Clark Hampton, Steve G. Sutton, Vicky Arnold, Deepak Khazanchi

Research output: Contribution to journalArticlepeer-review

3 Scopus citations


Recognizing the need for effective cyber risk management processes across the supply chain, the AICPA issued a new SOC in March 2020 for assuring cyber supply chain risk management (C-SCRM) processes. This study examines supply chain relationship factors and cyber risk issues to better understand the demand for C-SCRM assurance. Resource-Advantage Theory of Competition provides the conceptual foundation for assessing the dual drivers of relationship building and cyber risk management on demand for assurance. We use a field survey to collect data from 205 professionals enabling evaluation of the complex relationships in the theoretical model. Results support all hypotheses, provide satisfactory model fit, and support the underlying theory. Trust and cyber supply chain risk both positively influence demand for assurance over C-SCRM processes. This study expands the literature on cyber assurance by auditors and elaborates on overall supply chain processes that help drive value from auditors providing such assurance.

Original languageEnglish (US)
Pages (from-to)37-60
Number of pages24
JournalJournal of Information Systems
Issue number2
StatePublished - Jun 1 2021


  • Cyber assurance
  • Cyber risk management
  • Cyber supply chain risk management
  • SOC reports
  • Supply chain risk management
  • Voluntary assurance

ASJC Scopus subject areas

  • Management Information Systems
  • Software
  • Information Systems
  • Accounting
  • Human-Computer Interaction
  • Information Systems and Management
  • Management of Technology and Innovation


Dive into the research topics of 'Cyber supply chain risk management: Toward an understanding of the antecedents to demand for assurance'. Together they form a unique fingerprint.

Cite this