Title:
Cross-Unit Cybersecurity Variability as a Driver of Systemic Risk in Critical Infrastructure Supply Chains

Authors:
Dr. Robb Shawe, Dr. Gilbert B. Mengnjo, USA

Abstract:

Cybersecurity risk in critical infrastructure sectors is commonly evaluated using enterprise-level indicators that aggregate performance across organizational units and supply chain partners. While aggregation simplifies oversight and reporting, it obscures meaningful variation in cybersecurity capability that can amplify systemic risk in interdependent systems. This article examines cross-unit cybersecurity variability as an underappreciated yet decisive driver of systemic cyber risk in critical infrastructure supply chains. Drawing on assessment-based evidence from healthcare supply chains and on governance and resilience analyses from energy and smart-grid infrastructure contexts, the study reframes cybersecurity risk as a distributional phenomenon shaped by uneven capabilities, governance fragmentation, and interorganizational dependence. This analysis indicates that governance approaches relying on average maturity or compliance status can systematically underestimate exposure and weaken resilience planning. By foregrounding variability and weakest-link dynamics, this article advances cybersecurity governance theory and offers practical guidance for improving oversight, prioritization, and resilience across critical infrastructure ecosystems.

DOI: http://dx.doi.org/10.51505/ijaemr.2026.11208