Eleven years of cyberattacks on Chinese supply chains in an era of cyber warfare, a review and future research agenda
| DOI | https://doi.org/10.1108/JABS-11-2020-0444 |
| Published date | 03 November 2021 |
| Date | 03 November 2021 |
| Pages | 371-395 |
| Subject Matter | Strategy,International business |
| Author | James Pérez-Morón |
Eleven years of cyberattacks on Chinese
supply chains in an era of cyber warfare,
a review and future research agenda
James Pérez-Mor
on
Abstract
Purpose –The contributionof this study aims to twofold: First, it provides an overview of the currentstate
of research on cyberattacks on Chinese supply chains (SCs). Second, it offers a look at the Chinese
Government’sapproach to fighting cyberattackson Chinese SCs and its callsfor global governance.
Design/methodology/approach –A comprehensive literature review was conducted on Clarivate
Analytics’ Web of Science, in Social Sciences Citation Index journals, Scopus and Google Scholar,
publishedbetween 2010–2021. A systematicreview of practitioner literature wasalso conducted.
Findings –Chinese SCs have become a matter of national security, especially in the era of cyber
warfare. The risks to SC havebeen outlined. Cybersecurity regulations are increasing as China aims to
build a robust environment for cyberspace development. Using the Technology-organization-
environment (TOE)framework, the results show that thetop five factors influencing the adoptionprocess
in firms are as follows: relative advantage and technological readiness (Technology context); top
management support and firm size (Organization context) and government policy and regulations
(Environmentcontext).
Research limitations/implications –This review focuses on cyberattacks on Chinese SCs and great
care was taken when selecting search terms. However, the author acknowledges that the choice of
databases/termsmay have excluded a few articleson cyberattacks from this review.
Practical implications –This review provides managerial insights for SC practitioners into how
cyberattackshave the potential to disrupt theglobal SC network.
Originality/value –Past researchers proposed a taxonomic approach to evaluate progress with SC
integration into Industry 4.0; in contrast, this study is one of the first steps toward an enhanced
understandingof cyberattacks on Chinese SCs and their contributionto the global SC network using the
TOE framework.
Keywords China, Supply chain, Supply chain management, Cybersecurity, Cyberattacks,
Supply chain risks, TOE framework
Paper type Conceptual paper
1. Introduction
Increasing technological sophistication has led to a rise in cybercrime (Soumyo, 2004;Sabillon,
2016;Kennedy et al.,2019;Chandra and Snowe, 2020;Buil-Gil et al., 2021), which affects
global business every day (Zheng and Albert, 2019;Hassija et al., 2020). Thus, governments,
organizations and businesses of all sizes must prioritize protections against it to mitigate-related
risks (Bambauer, 2014;Brookson et al., 2016;Pandey et al., 2019;Simon and Omar, 2019;
Li and Xu, 2021), prevent their information and services (Harfouche and Robbin, 2015;
Minnaar, 2017;Rahman et al.,2020;Alzubaidi, 2021;Cascavilla et al., 2021) to enrich their
competitiveness level (Duong et al., 2020;Yassine and Singh, 2020).
Cybercrime (unlawful acts that target or use computers, computer networks or networked
devices) (Dashora, 2011;Choo et al., 2021) is more of a general term. Cyberattacks, a
James Pe
´rez-Mor
on is
based at Business
Department, Universidad
Tecnol
ogica de Bolı
´var,
Cartagena De Indias,
Colombia.
Received 10 November 2020
Revised 29 April 2021
25 July 2021
9 August 2021
Accepted 10 August 2021
The author would like to thank
the two unknown reviewers for
their constructive feedback to
improve the contents of this
paper. The author also
gratefully thanks PhD Felix
Wang (Taiwan), for his support.
Needless to say, this does not
imply that they endorse the
analysis in this publication.
Tjebbe Donner (Scotland)
assisted in copy editing the
manuscript.
DOI 10.1108/JABS-11-2020-0444 VOL. 16 NO. 2 2022, pp. 371-395, ©Emerald Publishing Limited, ISSN 1558-7894 jJOURNAL OF ASIA BUSINESS STUDIES jPAGE 371
branch of cybercrime, are more specific and relate to specific attacks made on someone
using new technology, a malicious and deliberate attempt by an individual or organization
to breach the information system of another individual or organization. In total, 53% of
cyberattacks result in over US$500,000 in damages and other serious consequences
(Lindsay, 2015;Cisco Annual Cybersecurity Report, 2020). Cybersecurity is the
use of technology to protect information (Darko and Boris, 2017;Colajanni et al.,2018;
Li and Xu, 2021).
From a managerial perspective, senior global executives have understood the importance
of cybersecurity, the practice of defending computers, servers, mobile devices, electronic
systems, networks and data from malicious attacks (Darko and Boris, 2017;Massimino
et al.,2018
;Jang-Jaccard and Nepal, 2021;Kaspersky, 2021) and 83% of them have
improved the security of computers, devices or systems; 78% have improved data
protection capabilities; 63% have assessed cyber risks/controls against cybersecurity
standards; and 62% have strengthened cybersecurity policies and procedures (Sarathy,
2006;Marsh Microsoft Global Cyber Risk Perception Survey, 2019;Parenty and Domet,
2019;Annarelli et al., 2020) in and at their companies.
Cybercrimes in China are 1/3 of total crimes nationwide, with a growth rate of 30% per year
(Jiang, 2020). In total, 80% of people and businesses in China have experienced
cybercrime (Mu and Yonggang, 2014) including the disclosure of personal information,
online fraud, stolen accounts or passwords and viruses (Kshetri, 2013;Cho and Chung,
2017;Zhang et al., 2018;China Internet Network Information Center, 2017). Internet users
have also suffered cybercrimes, e.g. in India 80%, the USA 61%,France 60%, New Zealand
59%, Australia 57%, UK 57%, Italy 53%, The Netherlands 51%,–Germany 47% and Japan
42% (Xuetong, 2006;Bellabona and Spigarelli, 2007;Hang, 2017;NortonLifeLock Cyber
Safety Insights Report, 2019). As Washington and Beijing trade tensions rise, 87% from
people in the USA considered cyberattacks from China as concern number two, others are
economic threats, environmental damage and human rights (Spring 2018 Global Attitudes
Survey, 2018).
Many multinational enterprises have made China their operational base (Singh and Gaur,
2020), which points out the importance of China’s measures to tackle serious risks
regarding the security of its SC (Savitri and Dyah, 2019).This has led to China implementing
preventive measures against these tactics, including new technologies with interesting
functionalities to help firms secure their SCs (Sarathy, 2006;Cui et al., 2020). The
development of cybersecurity norms –namely, the “rules of the road” to guide the behavior
of nation-states in cyberspace (Deibert, 2011)–is emerging as a primary international
security challenge (Neutze and Nicholas, 2013;Visner, 2013;Zhao, 2016;Kokas, 2018).
China believes that the best way to overcome these challenges is to determine/cyberspace
standards according to its domestic conditions or, in other words, to prioritize solving
internal problems (Nathan, 2012;Kshetri, 2013;Li et al., 2019;Qian, 2019;Manantan, 2021)
and to stop gradually the rely on imported basic hardware and software (Mu and
Yonggang, 2014). Chinese Government has expedited key policies to strengthen its
technological ecosystem including the “Made in China 2025”, the “Internet Plus” plan, the
“Digital Silk Road” and the “Belt and Road Initiative”among others (Jiang, 2020).
This research aims to explore the cyberattacks on Chinese SCs using the Technology-
organization-environment (TOE) framework, focusing on the following research question
(RQ): What has been China’s approach to combat cyberattacks on its SC and its calls for
the global governance?
The contribution of this study is twofold and includes the following research objectives
(ROs) in relation to this RQ:
RO1. To provide an overview of the current state of research on cyberattacks on
Chinese SC.
PAGE 372 jJOURNAL OF ASIA BUSINESS STUDIES jVOL. 16 NO. 2 2022
To continue reading
Request your trial