by Xue Zhang, Xiaoya Ba, Bo Li

Supply chains are increasingly vulnerable to Supply Chain Cyberattacks (SCCAs) that exploit third-party trust and bypass traditional perimeter-based defenses. This study investigates the propagation mechanisms, impacts, and governance of SCCAs through a qualitative multi-case analysis of seven landmark incidents across diverse sectors, including retail, logistics, energy, and healthcare.
Drawing on the Supply Chain Cyber Security System (SCCSS) framework, we map attack vectors, internal escalation pathways, and recovery dynamics across IT, organizational, and supply chain subsystems. Our cross-case synthesis reveals that SCCAs predominantly originate from third-party connections (contractual governance failures) and escalate through four recurring propagation mechanisms—Network Flattening, Alert Paralysis, Operational Coupling, and Relational Weaponization.
The scale of disruption is systematically amplified by inter-system coordination failures, while resilience emerges only when proactive information sharing is activated by strong internal organizational readiness. We introduce the concept of synergy dependency, demonstrating that external relational governance is hierarchically contingent on internal organizational controls, and reconceptualize Points of Penetration (PoPs) as dynamic transmission mechanisms that convert localized digital breaches into systemic operational paralysis.
PLOS ONE (Medicine) published a clinical update in Research Highlights on 22 May 2026.
The item focuses on Cyberattacks in supply chains: A multi-case study.