ABSTRACT
This paper investigates the role of general cybersecurity and cybersecurity policy awareness in enhancing supply chain cyber resilience reactive capabilities. Theorizing from the Protection Motivation Theory, 200 Small and Medium Enterprises (SMEs) were contacted to understand their perception of cybersecurity and policy awareness in affecting their overall cybersecurity hygiene. Data collection was carried out using a questionnaire survey and analysed via Partial Least Squares-based Structural Equation Modelling to validate the research framework. Results of analysis outlined the importance of general cybersecurity and policy awareness in shifting employees’ compliance attitude towards enhancing supply chain reactive capability. Using a mixed-method approach, post-survey interviews were further conducted with practitioners in SMEs to understand the study findings. The implications outlined in this study emphasises the importance of prioritising preventive measures and proper employee cyber hygiene to address the risk and loss following a cyber-attack. Key supply chain operational areas in SMEs are still largely supported by the human workforce serving as its backbone. An unwarranted attack could cause adverse business impacts. Thus, practitioners and SMEs would be alerted to the critical need for a robust security posture and that SMEs’ need of the hour lies at the core of its policy and employee cybersecurity hygiene.