Trust is Essential for Stable Supply Chains
How suppliers react to potential information leaks
Leopold Ried / Stephanie Eckerd / Lutz Kaufmann / Craig R. Carter - 10. Februar 2022
For any companies that rely on each other within a supply chain, cooperation based on trust is a major asset. Such cooperation allows for stability and long-lasting, mutual success. Over the course of their relationship, these companies regularly trade sensitive information with each other. But what happens if such information is leaked to the outside world? Are there spillover effects on unaffected companies?
The occurrence of information leaks within supply chains has steadily increased over time. When it comes to digitalcommunication, just one wrong click (e.g., when sending an email) can lead to an unwanted transmission of data. At times, this happens due to something far more serious than a mere oversight, as shown in the case of General Motors. The company is alleged to have sent one major supplier’s product design to others in an attempt to obtain a better purchase price. Regardless of whether such cases happen intentionally or unintentionally, the consequences remain the same: Any company whose information is unwittingly entered into circulation will see its ability to compete weakened. This presents managers with the increasing challenge of having to weigh the benefits of information disclosure against the potential risks.
The impacts of a data breach do not only affect the companies directly involved
Past studies have focused on the effects that unauthorized information disclosure has on the relationship between two companies (i.e., the “victim” and the “offender”). Spillover effects, which may arise after a data breach, are another important aspect to consider. For example, a third company in this scenario (i.e., one not directly affected by the data breach) would still need to question what effects the situation may have on any future cooperation. Would this third company, as a supplier, continue to share sensitive information with a buyer known to have improperly disclosed such information in the past?
We can infer that a supplier’s willingness to disclose such information to this buyer will decrease. And at that point, it may be worthwhile to pose a more precise question: Does it make a difference when the information is disclosed accidentally? Theories from social psychology suggest that it might. As such, it is expected that an intentional disclosure of sensitive information would be perceived more negatively than would an unintentional disclosure. It is also of interest to consider the potential actions a supplier may take after having observed the case from afar. Is it their faith in the company’s competence that wanes? Or, alternatively, their faith in its integrity?
Intentional disclosure of information substantially destroys trust
The results of the experimental study are unambiguous: There is a clear spillover effect. Every type of unauthorized transmission of data compromises the trust that a supplier has in its buyer. As is to be expected, cases of intentional data disclosure carry far more serious consequences. This effect is further amplified if the third company observing the case is operationally similar to the “victim” in terms of its product orientation. As a result, that company’s willingness to share information decreases even further.
In the case of an unintentional disclosure, it is the faith in a company’s ability to protect its data (i.e., its competence) that weakens. That being said, the observing companies may be more willing to give that buyer a second chance—as long as that buyer does not make the same mistake again. By comparison, in the case of an intentional leak, the integrity of the offending company is called into question, and any participating parties will react with far less leniency. In both cases, collateral damage is unavoidable: If trust in one aspect is broken, trust in the other will inevitably decline as well.
Overall trust in a company will remain compromised—even if the data breach was only an accident
Even in the case of an unintentional leak, managers at observing companies may suspect a lack of integrity on the part of the “offender.” According to one interviewee, “the customer did not have appropriate systems in place to prevent that accidental release and, therefore, they don’t have systems, so they are not really thinking about that integrity part.” As long as managers work with sensitive data, they should be aware of the fact that observers will doubt the integrity of the entire enterprise in case of a breach—even if caused by a mere oversight.
Tips for practitioners
- If you, as the observer, learn that a company has leaked information, it is worth looking into how the leak occurred in the first place. Even if the data has been shared inadvertently, outsiders will often call the company’s values, honesty, and overall integrity into question. Be aware of this and question whether casting such doubts is appropriate for the case at hand. Sometimes, it truly does come down to somebody making one wrong click. In such a case, trustful cooperation between you and the affected company remains just as possible as it had been before the leak.
- If your company has intentionally leaked information, you, as a manager, should take action! Show that you are taking countermeasures and that such an incident will not happen again. Make efforts to foster an even stronger level of awareness in your employees concerning the secure handling of sensitive data. This will help you to rebuild trust between you and your partners.
Literature reference and methodology
181 participants were recruited for this study. At least one year of professional work experience was prerequisite for participation. The study was conducted as an experiment comprising four similar scenarios, before and after which participants gave an assessment. In addition to this, a small group of participants later gave more detailed, individual interviews.
Ried, L./Eckerd, S./Kaufmann L./Carter, C. (2021): Spillover effects of information leakages in buyer-supplier-supplier triads, in: Journal of Operations Management (67), pp. 280-306.
Assistant Professor Leopold Ried
Dr. Leopold Ried is an Assistant Professor of Supply Chain Management at the Rotterdam School of Management, Erasmus University. He received his doctorate from the WHU – Otto Beisheim School of Management. His core research interests include business-to-business negotiations and opportunistic behaviors in buyer-supplier relationships.
Professor Stephanie Eckerd
Dr. Stephanie Eckerd is an Associate Professor at the Haslam College of Business at the University of Tennessee and has been appointed to the Jerry and Suzanne Ratledge Professorship. She researches behavioral operations and supply chain management, investigating how social and psychological variables impact various aspects of buyer-supplier relationship management.
Professor Lutz Kaufmann
Dr. Lutz Kaufmann is a Professor at the WHU – Otto Beisheim School of Management and an expert in business negotiations. His work focuses on empirical research concerning B2B negotiations and procurement strategies. Since 2008, Lutz Kaufmann is the European Editor of the Journal of Supply Chain Management (JSCM). From 2010 – 2014, he was an Associate Fellow of Saïd Business School at the University of Oxford in the United Kingdom. He is the 2021 OSCM Distinguished Scholar at the Academy of Management.
Professor Craig R. Carter
Dr. Craig R. Carter is a Professor of Supply Chain Management at the W.P. Carey School of Business at Arizona State University. In his work, he focuses on sustainable SCM and researches decision-making processes within the context of procurement.