Everybody concerned with the task of developing risk mitigation strategies has a list in his mind of different factors influencing a company’s exposure to risk and if you think about it: those factors are probably related.
Example: The number of suppliers for one component can have a huge impact on risk, but the necessity of a high number of (redundant) suppliers may itself be affected by the trust you built with your main supplier. Both trust and having multiple suppliers affect supply chain risk by themselves, but they are also related.
At the moment I am looking for gaps in my reading up to now and I found that I have not read much about information risks. It also seems that those risks are not (yet?) in focus, neither in research nor business. So I was happy to find “Information risks management in supply chains: an assessment and mitigation framework” by Faisal, Banwet and Shankar.