Umsetzung eines Supply Chain Cybersecurity Projektes in KMU: Von der Theorie zur Praxis. 

Abstract

(i) Motivation and problem definition According to recent media reports, cyberattacks are increasing dramatically in frequency. Sophisticated attackers are constantly identifying vulnerabilities along entire supply chains and exploiting them accordingly. Because small and medium-sized enterprises (SMEs) are defined in the specialist literature as the weakest link in terms of the cyber security of entire supply chains, they require greater attention. Since SMEs are severely limited in their availability of resources, standardized and more complex specifications or guidelines, such as those from the BSI, are rarely suitable for these companies. The lack of sound support that is suitable for SMEs thus endangers all partners involved in the respective supply chain networks. It is precisely this problem, i.e., the lack of accompanying but sound support, that is the focus of this work. This problem is solved with the help of an implementation project that arises from theory by comparing it with practice. (ii) Content structure and methodology To solve the problem, the thesis was structured around four research questions. First, the theoretical framework was defined by key terms in order to create a common understanding. Building on this, certain factors associated with the defined terms were analyzed to identify further limitations that would be essential to consider. Based on this, five suitable methods for project implementation were described and evaluated from the literature. These were combined into a theoretical project plan, which was then tested in practice in the context of a real project with two SMEs. The findings from the practical testing were compared with the theory in order to present well-founded results. (iii) Concrete results of the work The chosen project approach is fundamentally practicable. In particular, the methodology of compiling the content in a handbook was rated very positively. The chosen structure for the general course of the project was also rated as suitable. The theory was also particularly confirmed in points such as the lack of resources in SMEs. Nevertheless, some gaps in the theory were also uncovered. One example is the fact that SMEs also have different preferences and requirements among themselves, which leaves open the possibility of a universal solution. In addition, an additional core aspect was identified that points to a further theoretical gap. The study found that even when SMEs are provided with adequate materials and support, they show little motivation to accept and implement them. This problem was not addressed in the literature.

Date of Award	2025
Original language	German (Austria)
Supervisor	Carina Wagner (Supervisor)