Trust is Essential for Stable Supply Chains

Leopold Ried / Stephanie Eckerd / Lutz Kaufmann / Craig R. Carter - February 10, 2022

Tips for practitioners

The occurrence of information leaks within supply chains has steadily increased over time. When it comes to digitalcommunication, just one wrong click (e.g., when sending an email) can lead to an unwanted transmission of data. At times, this happens due to something far more serious than a mere oversight, as shown in the case of General Motors. The company is alleged to have sent one major supplier’s product design to others in an attempt to obtain a better purchase price. Regardless of whether such cases happen intentionally or unintentionally, the consequences remain the same: Any company whose information is unwittingly entered into circulation will see its ability to compete weakened. This presents managers with the increasing challenge of having to weigh the benefits of information disclosure against the potential risks.

The impacts of a data breach do not only affect the companies directly involved

Past studies have focused on the effects that unauthorized information disclosure has on the relationship between two companies (i.e., the “victim” and the “offender”). Spillover effects, which may arise after a data breach, are another important aspect to consider. For example, a third company in this scenario (i.e., one not directly affected by the data breach) would still need to question what effects the situation may have on any future cooperation. Would this third company, as a supplier, continue to share sensitive information with a buyer known to have improperly disclosed such information in the past?

We can infer that a supplier’s willingness to disclose such information to this buyer will decrease. And at that point, it may be worthwhile to pose a more precise question: Does it make a difference when the information is disclosed accidentally? Theories from social psychology suggest that it might. As such, it is expected that an intentional disclosure of sensitive information would be perceived more negatively than would an unintentional disclosure. It is also of interest to consider the potential actions a supplier may take after having observed the case from afar. Is it their faith in the company’s competence that wanes? Or, alternatively, their faith in its integrity?

Intentional disclosure of information substantially destroys trust

The results of the experimental study are unambiguous: There is a clear spillover effect. Every type of unauthorized transmission of data compromises the trust that a supplier has in its buyer. As is to be expected, cases of intentional data disclosure carry far more serious consequences. This effect is further amplified if the third company observing the case is operationally similar to the “victim” in terms of its product orientation. As a result, that company’s willingness to share information decreases even further.

In the case of an unintentional disclosure, it is the faith in a company’s ability to protect its data (i.e., its competence) that weakens. That being said, the observing companies may be more willing to give that buyer a second chance—as long as that buyer does not make the same mistake again. By comparison, in the case of an intentional leak, the integrity of the offending company is called into question, and any participating parties will react with far less leniency. In both cases, collateral damage is unavoidable: If trust in one aspect is broken, trust in the other will inevitably decline as well.

Overall trust in a company will remain compromised—even if the data breach was only an accident

Even in the case of an unintentional leak, managers at observing companies may suspect a lack of integrity on the part of the “offender.” According to one interviewee, “the customer did not have appropriate systems in place to prevent that accidental release and, therefore, they don’t have systems, so they are not really thinking about that integrity part.” As long as managers work with sensitive data, they should be aware of the fact that observers will doubt the integrity of the entire enterprise in case of a breach—even if caused by a mere oversight.

Literature reference and methodology

181 participants were recruited for this study. At least one year of professional work experience was prerequisite for participation. The study was conducted as an experiment comprising four similar scenarios, before and after which participants gave an assessment. In addition to this, a small group of participants later gave more detailed, individual interviews.

• Ried, L./Eckerd, S./Kaufmann L./Carter, C. (2021): Spillover effects of information leakages in buyer-supplier-supplier triads, in: Journal of Operations Management (67), pp. 280-306..