ORIGINAL RESEARCH ARTICLE
Cybersecurity Risk Assessment of Suppliers in the Supply Chain Using the AHP Method and a Scoring Model
 
 
Faculty of Security, Logistics and Management, Military University of Technology, Poland
 
 
A - Research concept and design; B - Collection and/or assembly of data; C - Data analysis and interpretation; D - Writing the article; E - Critical revision of the article; F - Final approval of article
 
 
Submission date: 2026-04-15
 
 
Final revision date: 2026-05-20
 
 
Acceptance date: 2026-06-24
 
 
Publication date: 2026-06-26
 
 
Corresponding author
Mateusz Zawadzki   

Faculty of Security, Logistics and Management, Military University of Technology, gen. Sylwestra Kaliskiego 2, 00-908, Warsaw, Poland
 
 
SLW 2026;64(1):141-156
 
ABSTRACT
The article addresses the problem of cybersecurity risk in digitally interconnected supply chains, with particular emphasis on supplier relationships, third-party access and software dependencies. The research niche of this study is the operationalisation of publicly available cyber-risk data into a transparent and reproducible assessment model that can be applied without access to confidential company datasets. The purpose of the article is to develop a multi-criteria model for assessing supplier cybersecurity risk using the Analytic Hierarchy Process (AHP) and a scoring procedure grounded in recognised reports and scientific literature, and to demonstrate its application in an illustrative supply-chain context. The main hypothesis assumes that supplier cyber risk can be systematically compared through the integration of threat exposure, technical vulnerability and operational impact within a structured weighted index. The study applies a mixed-method approach, including literature review, comparative analysis, desk research, mathematical modelling, AHP weighting and sensitivity analysis. Empirical input was derived from NIST guidance, the ENISA report on supply chain attacks, Verizon's 2025 Data Breach Investigations Report and IBM's 2025 Cost of a Data Breach Report. The results indicate that transportation and utilities suppliers achieve the highest risk levels in the illustrative application, while ICT suppliers remain highly critical in terms of digital dependency. The conclusions support the usefulness of the proposed model as a preliminary decision-support framework, while indicating the need for further expert-panel and organisation-specific validation.
eISSN:2719-7689
ISSN:1508-5430