ORCID Identifier(s)


Graduation Semester and Year

Spring 2024



Document Type


Degree Name

Doctor of Philosophy in Accounting



First Advisor

Nandu J. Nagarajan


In my dissertation, I examine how a firm's position in the supply chain information network affects its cyber risk exposure and cyber risk management. First, I document that firms that are more central in the supply chain information network have higher cyber risk exposure. Second, the positive association between firm centrality and cyber risk is mitigated by both the IT governance strength of the focal firm and its supply chain partners. Third, the exposure to cyber-attacks through supply chain information networks also has several implications on corporate policies. I find that managers of more central firms are more likely to include discussions of their supply chain cyber risks in their SEC 10-K filings to inform investors about such exposure. Additionally, more central firms reduce the likelihood and impact of being breached by adopting more stringent internal controls over IT and inventory. Additionally, central firms maintain a higher level of cash holdings to reduce the impact of actual supply chain cyber-attacks. Finally, firms proactively monitor the IT governance of their supply chain partners.


Supply chain centrality, Cyber risk, IT governance, Risk management


Accounting | Business Analytics | Management Information Systems | Operations and Supply Chain Management


Creative Commons Attribution 4.0 International License
This work is licensed under a Creative Commons Attribution 4.0 International License.

Available for download on Friday, May 09, 2025