Culture and the Supply Chain

About

As organizations shore up their cybersecurity defenses, small to medium-sized enterprises (SMEs) continue to lag behind. Although efforts are being mobilized across the public and private sector to address this gap, the question remains: how effective are these solutions and what can we learn from these new approaches and interventions? Early findings from a previous HPI-MIT Designing for Sustainability project indicate existing mechanisms and solutions within the private sector primarily address symptoms of the problem by altering technical processes. However, core elements of the problem (i.e., mismatches in culture) are not being addressed and more emphasis needs to be placed on human processes like programs and training to embed and grow shared cybersecurity values across organizations. This project investigates how to develop a shared value model of cybersecurity that can be transmitted and adopted by organizations throughout the supply chain.

Through interviews and focus groups with 40 companies, the team identified key challenges SMEs face (e.g., limited expertise, outdated training, overwhelming compliance demands) and strategies large firms use to support them—from providing tools and education to building peer communities.