FORTIFYING AVIATION SUPPLY CHAINS IN THE DIGITAL ERA: AN INTEGRATED CYBERSECURITY RISK ASSESSMENT AND STRATEGIC MITIGATION FRAMEWORK FOR PAKISTAN’S AVIATION ECOSYSTEM

Abstract

The high-paced digitalization of air supply chains has transformed the efficiency in operation, coordination and real-time visibility in the chain of stake (airlines, airports, maintenance providers, logistics operators and technology vendors). Nevertheless, an escalation of dependent existence on linked online frameworks has also presented a bigger cyber-attack area of the aviation ecosystem, particularly in developing economies where cybersecurity frameworks in control and organizations are still not fully established. The research focuses on the dynamics of the aviation industry cybersecurity risk in Pakistan and develops an integrated and holistic structure of the risk assessment and mitigation strategic perspective. The research is based on a sequential explanatory mixed-method design which entails the synthesis of both quantitative research findings based on survey research of 150 aviation professionals and the results of qualitative research in which 12 semi structured interviews are used. The association between digitalization, organizational cybersecurity maturity, regulatory preparedness, vendor governance, cybersecurity vulnerabilities and supply chain resiliency were analyzed by using multiple regression and moderation analysis. This is because the findings indicate that digitalization has a significant role to play in these cybersecurity risks and the level of cybersecurity maturity of an organization significantly reduces the threats of cybersecurity exposure. Moderating the relationships between digitalization and vulnerabilities, regulatory preparedness and moderating the negative resiliency contribution to vulnerabilities, vendor governance respectively, digitalization and vulnerabilities. Through empirical evidence, the study advanced the six-layer integrated Cybersecurity Risk Assessment and Strategic Mitigation Framework and proposed that it involves the following: risk identification, risk prioritization, technical controls, organizational governance, regulatory and vendor oversight, and continuous improvement mechanisms. The framework includes a context-dependent roadmap which is particular to the aviation ecosystem of Pakistan but is wider in terms of its application in other past aviation markets as well. This study contributes to the literature of digital supply chain risk theory, critical infrastructure resilience literature and literature on cybersecurity governance since it demonstrates that the resilience of aviation cybersecurity is a multi-layered governance-alignment issue as opposed to a technical control issue. The findings serve useful recommendations to the stakeholders of the aviation industry and the concerned policymakers about the need to enhance the supply chains in the digitalized world.