Systematic Review

Integrating Machine Learning and Business Intelligence into Supply Chain Risk Management for a Comprehensive Cybersecurity Framework: A Systematic Literature Review

1 Faculty of Engineering and Information Technology, University of Technology Sydney, Sydney, NSW 2007, Australia
2 Faculty of Electrical and Data Engineering, University of Technology Sydney, Sydney, NSW 2007, Australia
3 School of Business, Mutah University, Karak 61710, Jordan
* Author to whom correspondence should be addressed.
Technologies 2026, 14(4), 194; https://doi.org/10.3390/technologies14040194
Submission received: 31 December 2025 / Revised: 4 March 2026 / Accepted: 10 March 2026 / Published: 24 March 2026
(This article belongs to the Special Issue Research on Security and Privacy of Data and Networks)

Abstract

Supply chain cybersecurity is a growing concern for businesses as they utilize increasingly interconnected digital systems. This systematic literature review examines how machine learning (ML) and business intelligence (BI) may be used in conjunction to improve supply chain cybersecurity risk management. This review followed PRISMA guidelines. A quality evaluation was performed based on CASP to evaluate 35 peer-reviewed articles published in 2016–2025. The review analysis indicates that although ML has been extensively utilized for threat detection, BI utilization is fragmented. Additionally, there is a lack of integrated ML-BI frameworks, specifically for small–medium enterprises (SMEs) and developing economies. As such, this literature review provides a conceptual four-layer framework of predictive and analytical capabilities for threat detection, risk assessment, and decision-making. It also identifies a structured research agenda with which to advance the field of research.

1. Introduction

Global supply chains are becoming increasingly reliant upon technology; as such, they have never been more complex or interdependent [1]. Consequently, they are vulnerable to the numerous risks accompanying increased complexity, particularly with respect to cybersecurity [2]. The objective of this systematic literature review is to identify how machine learning (ML) and business intelligence (BI) may be combined to overcome some of these challenges and develop a comprehensive framework for managing cybersecurity risk in supply chain operations [3,4].
It is first necessary to define how this review uses the term “integration”. In this review, “integration” represents the structured merging of the prediction-based capability of machine learning (ML) with the analysis and visualization-based capability of business intelligence (BI) within an integrated cybersecurity framework [4]. In particular, integration occurs on three levels. The first is the Data Level, where data flow smoothly between BI dashboards and ML algorithms; the second is the Process Level, where predictions generated by ML are fed directly into decision support systems driven by BI; and finally, the third is the Decision Level, where insights from both machine learning and business intelligence (ML-BI) influence strategic cybersecurity decisions. Therefore, multi-level integration is fundamentally different from parallel deployment, which is where ML and BI are used separately, as it creates a series of feedback loops that increase both the accuracy of predictions and the quality of strategic decisions [5].

1.1. Cybersecurity and Digitalization in Modern Supply Chains

The business environment is no stranger to radical shifts. The concept of digital transformation is not only alive but also altering how businesses view and manage their supply chains and the associated risks [2]. Supply chains are more complex than ever. They are not simple chains but rather networks comprising information flows, intercompany relationships, and operational processes that can make the difference between success and failure in today’s competitive markets [6,7]. Identifying, classifying, and managing supply chain risk is not merely a recommended practice to ensure smooth, efficient operations across complex global networks; it is a requirement of contemporary business.
Existing supply chains are rife with disruptions caused by economic volatility, political unrest, and natural disasters, among other factors. With advancements in artificial intelligence and digital technologies, cybersecurity poses one of the most serious threats to supply chains [8]. The numbers are alarming: approximately 61% of all organizations reported being impacted by supply chain cyberattacks in the last year [9]. Organizations that adopt a forward-looking perspective on risk management and enhance their predictive capabilities will see the benefits of risk management—they will be able to mitigate losses or delays and respond more effectively if a risk event occurs, all the while sustaining and improving their operations.
Cybersecurity has emerged as a vital component of maintaining integrity in the supply chain. It protects computer systems, information, and data from unauthorized access and malicious exploitation [10], while simultaneously protecting the company’s most sensitive information, such as confidential customer data, private supplier information, and business operational intelligence [11]. This is strategically important, since a breach of data (when your business partner is involved) costs around 12% more to resolve than other types of breaches [9]. Thus, the risk associated with a single breach can be greatly magnified when that breach occurs across multiple suppliers in the supply chain. As this review reveals, businesses have become increasingly reliant upon technological advancements and innovations, resulting in new vulnerabilities that can be exploited, threatening all operational systems and ecosystems [12,13]. Cybersecurity is no longer viewed as an added feature of doing business: it is now an essential element of preserving information integrity, supporting operational continuity, and establishing and maintaining trust within the entire supply network [8].
Successfully implementing cybersecurity measures across multiple dimensions of strategy for supply chain risk management is challenging [2]. Risk assessment is the foundation of risk mitigation measures [14]. Beyond that, it is important to address data governance and build secure relationships among all partners to increase collective resilience [15]. The two-pronged approach fosters a holistic security framework that addresses risk at the organizational level and vulnerabilities at the network level.
Data and analytics are important flows in a data-driven business world [16]. Machine learning and business intelligence are complementary technological approaches to improving the structural frameworks of supply chain cybersecurity [4]. Machine learning creates algorithmic models to process large datasets, extract relevant and insightful patterns, and continuously learn from new data [17]. Business intelligence considers the relationships between data and actions, helping formulate the best options for making timely, informed decisions at the operational and strategic levels by using analytical techniques to interpret data and visualize processes [9].

1.2. Knowledge Gaps

Despite significant academic interest in this area, some important gaps still exist in the literature.
While there have been some studies conducted on machine learning and business intelligence individually, few have explored their combined use to support the integration of machine learning and business intelligence within cybersecurity systems. There is also a large gap between theoretical models and actual practice in cybersecurity, and the literature does not clearly establish a classification methodology or conceptual model that integrates the predictive analytics of machine learning into the descriptive and diagnostic analytics of business intelligence to enhance cyber threat detection and mitigation in supply chains.
A recent systematic review by Culot et al. [18] noted that artificial intelligence in supply chain management can be subject to potential media hype, and this review attempts to frame disruptions and inconsistencies with tried and tested supply chain management theory and practices.
In addition to the gaps mentioned above, there are many important areas that need to be examined in greater detail. First, many of the technical details about how to integrate machine learning and business intelligence tools to improve cybersecurity have yet to be explored in depth. Second, it is necessary to investigate the trade-off between a predictive model’s accuracy and its ability to be understood in terms of threat modeling and detection. Third, the ethical and legal consequences of using automation for decision-making in cybersecurity must be researched by both academics and industry professionals. Fourth, while there has been some research into the supply chain effects of integrating machine learning and business intelligence, the potential positive and negative impacts on all supply-chain-wide performance metrics (beyond cybersecurity) have not been thoroughly investigated.

1.3. Objectives and Contributions of This Systematic Review

This systematic literature review examines the relationships among machine learning, business intelligence, and cybersecurity standards in supply chain risk management. In this review, the PRISMA framework was followed to analyze peer-reviewed studies published between 2016 and 2025, expanding our understanding of recent research and trends. In this review, the literature is categorized by technology application, risk classification, and methodological strategy to assess how machine learning and business intelligence are utilized to address cybersecurity risks originating in supply chains.
Previous reviews analyzed cybersecurity and supply chain management as separate issues. In contrast, this study investigates how intelligent systems can be used to integrate cybersecurity and supply chain management into one system. In this study, a new taxonomy is developed, and areas in which additional research is needed are identified. Findings from different disciplines are compiled, and potential solutions are provided to both academics and practitioners who are charged with developing and implementing integrated cybersecurity systems. This study’s significance is supported by the IBM Institute for Business Value, which states that only 30% of companies prioritize creating secure, connected ecosystems through their supply chains, indicating the timeliness and relevance of this research [19].
This study makes three separate contributions to the field of supply chain cybersecurity risk management.
The first contribution is the identification of an important gap in the literature pertaining to the incorporation of machine learning and business intelligence into supply chain environments for the purpose of enhancing threat detection and mitigation. Although individual studies have investigated applications of machine learning or business intelligence in various areas of cybersecurity, there are relatively few that examine how these two technologies may be used in conjunction to enhance threat detection and mitigation capabilities in supply chains. This gap is significant, as the majority of existing studies have examined each technology independently and not their combination.
The second contribution is a new conceptual framework that unifies the predictive capability of machine learning (ML) and the analysis/visualization capability of business intelligence (BI) through a common cybersecurity architecture. This four-layer framework addresses the lack of established methodology for classifying the integration of ML-BI into supply chain cybersecurity and provides researchers and practitioners with an organized method to understand and implement systems that integrate these two technologies. The framework is also intended to be flexible enough to fit organizations of all sizes, ranging from large corporations to small- and medium-sized enterprises that have been overlooked by the research community.
The third contribution is the creation of a structured and prioritized research agenda that identifies main areas of future research on the proposed framework. In particular, the agenda will focus on the need for technical evaluation of the framework; the organizational factors that influence adoption; and the governance issues surrounding the coordination of cross-organizational collaboration. In doing so, this review creates a clear roadmap for furthering our understanding of the challenges faced by organizations in developing countries. Organizations from these countries are disproportionately represented in the current research base.

1.4. Business Intelligence: A Comprehensive Definition

The definition of business intelligence goes beyond dashboards and descriptive analysis. It represents the way in which companies understand how their organization works as a whole and how to coordinate all departments to assist in strategic decisions. In addition, for cybersecurity organizations, specifically those involved in supply chain cybersecurity, business intelligence provides the mechanism to integrate technical threat indicators into the operational, financial, and strategic considerations of an organization. Viewing business intelligence as a framework integrating machine learning (ML) offers a much broader perspective of the concept beyond a tool for reporting, indicating that BI can be utilized as a key component of the decision-making process [4,20].
It is important to distinguish the term business analytics from business intelligence (BI). Business analytics has been referred to as an umbrella term that encompasses both business intelligence (BI) and data analysis. While business analytics encompasses broader data analysis techniques, this review focuses on business intelligence, which emphasizes the analytical and decision support components of BI systems within the context of supply chain cybersecurity. As such, there is a significant distinction between the two terms. BI’s emphasis on visualization, dashboarding, and real-time decision support aligns better with the integration goals of this review than broader analytics methodologies.

2. Systematic Review Methodology

This section describes the approach of the systematic literature review (SLR), in which systematic procedures were used to ensure transparency, replicability, and rigor. The evidence synthesis followed systematic review guidelines, namely PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) [21] and Barbosa-Povoa et al. [22]. This systematic review protocol was registered on the Open Science Framework (OSF) (Registration ID: osf.io/tjh6q) and includes the elements of identification, screening, eligibility, quality appraisal, and synthesis.
The decision to adopt the PRISMA framework for this review was based on several factors. First, PRISMA provides a well-defined, transparent, and reproducible methodology for systematic reviews and is widely accepted across all disciplines. Second, PRISMA’s structured methodology, encompassing identification, screening, eligibility, and inclusion, helps ensure comprehensive coverage of the literature while reducing selection bias. Third, the PRISMA checklist allows for quality assurance and enables reviewers to assess the rigor of their review process [21].
Although there are other frameworks available to support systematic reviews, including SPIDER (Sample, Phenomenon of interest, Design, Evaluation, Research type) and PICO (Population, Intervention, Comparison, Outcome), PRISMA was chosen because it was designed specifically for systematic reviews integrating evidence from various study types, which matches the heterogeneous nature of methodologies found in the ML-BI cybersecurity literature [21,22].

2.1. Research Questions

The following research questions guided this review:
  • What are potential risks or dangers to supply chain systems in today’s digital environment?
  • What specific types of machine learning-based threat detection methods are applied to detect and classify various cyber threats in supply chains?
  • How can decision support tools use Business Intelligence Analytics to convert threat detection results into tactical cybersecurity actions or strategic decisions?
  • Can machine learning (ML) and business intelligence (BI) be combined into one cybersecurity system rather than developed independently for identifying impending threats?
  • What are the benefits and drawbacks regarding predictive accuracy and model interpretability in an ML/BI system?
  • What is currently missing from the body of research as it relates to using ML and BI to mitigate supply chain cybersecurity risk? Specifically, how does one strike a balance between developing autonomous capabilities and retaining human oversight?
These research questions were created to develop new knowledge from the existing literature while exposing the theoretical conflicts underlying the integration of machine learning (ML) and business intelligence (BI). In particular, this review identifies a trade-off between predictive accuracy (which can be improved using complex, non-transparent models) and interpretability (required for organizational confidence and regulatory compliance) [17]. This review also sought to find a balance between automated responses to threats (facilitated by machine learning) and the need for human oversight (facilitated by BI dashboards) [4], as many companies realize that fully automating processes could increase risk and that no manual process can scale to the volume of threats organizations face today [9].

2.2. Search Strategy

A literature review was conducted using various academic databases to ensure thoroughness and reduce the risk of bias. The academic databases that were searched include Scopus, IEEE Xplore, Web of Science, and ScienceDirect.
The final 35 peer-reviewed articles were selected based on strict inclusion criteria to obtain the best possible research on supply chain cybersecurity [21]. Even though the number appears small (only 35) for a decade-long period, it shows how specific the research focus was; the quality and relevance of the articles were improved by being selective in methodology. The authors of this review also wish to mention that the field of research on supply chain cybersecurity using machine learning and Big Data integration is new, with most of the foundational literature produced since 2018 [6,18]. Subsequent reviews can use broader terms than “Machine Learning” and “Big Data Integration”, e.g., “Big Data Analytics”, to discover additional relevant studies.
This literature review utilized a variety of Boolean operators and keywords. The main search strings are reported below.
Primary Search String:
TITLE-ABS-KEY ((“Supply Chain Threats” OR “Machine Learning” OR “Business Intelligence” OR “Cyber Security”) AND “Supply Chain Risk Management”)
Additional Search Strings:
Search String 1 (Integration):
TITLE-ABS-KEY ((“Machine Learning” AND “Business Intelligence”) AND (“Cybersecurity” OR “Cyber Security”) AND “Supply Chain”)
Search String 2 (Threat):
TITLE-ABS-KEY ((“Cyber Threat” OR “Cyber Attack” OR “Data Breach”) AND (“Supply Chain” OR “Logistics”) AND (“Machine Learning” OR “Business Intelligence”))
Search String 3 (Risk Management):
TITLE-ABS-KEY ((“Risk Management” AND “Supply Chain” AND (“Machine Learning” OR “Business Intelligence”) AND “Cyber”))
Search String 4 (Artificial Intelligence):
TITLE-ABS-KEY ((“Artificial Intelligence” OR “AI”) AND (“Supply Chain” OR “Logistics”) AND (“Cybersecurity” OR “Cyber Security” OR “Cyber Risk”))
Search String 5 (Big Data Analytics):
TITLE-ABS-KEY ((“Big Data” OR “Big Data Analytics”) AND (“Supply Chain” OR “Logistics”) AND (“Threat Detection” OR “Risk Management” OR “Cybersecurity”))
The search was restricted to articles published in English in peer-reviewed journals between 2016 and 2025.
The literature review was undertaken between January 2024 and March 2025, reviewing publications from January 2016 to March 2025. It is worth noting that as research within the field of digital health technologies continues to evolve at a rapid pace, there are some studies published in 2024/2025 that reflect early-stage research; therefore, it is possible that not all of the studies relevant to this review were identified in the search (due to the time required for publication and/or indexing in academic databases).

2.3. Inclusion and Exclusion Criteria

The selection criteria for the studies included in this review are described below.
Inclusion Criteria:
This review included studies that discussed cybersecurity risks and threats, used machine learning or business intelligence for managing risks in supply chains, were published as a journal article, were written in English, and were published from 2016 to 2025.
Exclusion Criteria:
This review excluded studies that did not discuss cybersecurity in relation to the supply chain or machine learning or business intelligence applications. Peer-reviewed conference papers from established venues (e.g., IEEE) were eligible for inclusion due to the fast-evolving nature of cybersecurity research. Non-peer-reviewed conference proceedings were excluded to maintain methodological rigor. Including certain conference papers is justifiable due to the rapidly developing nature of cybersecurity research. The peer-reviewed conference proceedings from these established venues include many of the current or future developments in cybersecurity that may take time to be published in journals. IEEE conferences in particular are viewed as top-tier venues for publishing research on cybersecurity and provide timely, high-quality evidence for research on supply chain cybersecurity. Reports, white papers, and theses were excluded, as were studies published in any language other than English or published before 2016.

2.4. Screening and Selection Process

Figure 1 shows the screening process, which adhered to PRISMA guidelines.
The PRISMA flow diagram illustrates that 35 studies were included in the qualitative synthesis. Of these, 28 studies were included in the quantitative synthesis (meta-analysis). The remaining 7 studies were excluded from quantitative analysis due to insufficient extractable comparable data or incompatible outcomes/metrics.
  • Identification: Search results were exported to a reference manager (Zotero), and duplicates were deleted.
  • Screening: The study titles and abstracts were screened for relevance.
  • Eligibility: The full texts of the articles were reviewed based on the inclusion criteria.
  • Inclusion: The final articles were included in the systematic review for analysis.
Figure 1 illustrates that, in addition to the database searches (n = 287), records (n = 43) from peer-reviewed conference proceedings were identified using other sources. All identified records were reviewed with the same inclusion/exclusion criteria. Although the search expansion included additional sources, the number of studies included for qualitative synthesis was still 35, because the vast majority of the new records were either duplicates (a total of 35 duplicates), which were removed during deduplication, or were removed during screening and/or full-text review because they lacked a focus on ML/BI, were not focused on supply chain cybersecurity, or were not written in English. Of these 35 studies, 28 were included in the quantitative synthesis (meta-analysis).

2.5. Quality Assessment

Each included study underwent a quality assessment using a simplified CASP (Critical Appraisal Skills Program) checklist. Scores were assessed on a 5-point scale in several dimensions.
  • Methodological rigor: This dimension assesses the rigor and appropriateness of the research design, using a scale of 1–5.
  • Theoretical foundation: This dimension evaluates the rigor of the theoretical framing used for the research using a scale of 1–5.
  • Data quality: This dimension evaluates the validity and reliability of the data used in the study using a scale of 1–5.
  • Analytical approach: This dimension evaluates the rigor and appropriateness of the analysis used in the study using a scale of 1–5.
  • Practical implications: This dimension assesses the applicability and relevance of the findings to practice, using a scale of 1–5.
  • Overall Quality: This dimension summarizes the study’s contribution to the scientific body of knowledge using a scale from 1 to 5.
The standard CASP checklist comprises 10 qualitative questions, each requiring a yes/no/can’t tell response. To quantify the qualitative responses to the 10 CASP Questionnaire items on a 1–5 scale, the authors created the following rubric:
  • 5 points: All 10 CASP Questionnaire items received a response of “yes”.
  • 4 points: 8–9 of the CASP Questionnaire items received a response of “yes”.
  • 3 points: 6–7 of the CASP Questionnaire items received a response of “yes”.
  • 2 points: 4–5 of the CASP Questionnaire items received a response of “yes”.
  • 1 point: Fewer than 4 of the CASP Questionnaire items received a response of “yes”.
All studies that scored less than 2.5 on the CASP system were eliminated. Only studies that met a minimum of 50 percent of CASP criteria were included in this review. This maintains acceptable methodological rigor while allowing researchers in this developing area of research the ability to publish their findings.
Quality assessment was conducted by two independent researchers using the quality assessment checklist. Average quality scores were calculated for each dimension where scores differed, and if the difference was greater than 2 points, the researchers openly discussed their scores to reach consensus. Studies that scored overall less than 2.5 were excluded from the final analysis to ensure that only high-quality evidence was included in the review.
The quality assessment scores were utilized in three different ways for this review. They were first used to remove all studies with an overall quality assessment score of less than or equal to 2.5 from the analysis to ensure that only methodologically reliable evidence was utilized to support the conclusions of this review. The 2.5 threshold, representing 50% of CASP criteria, is reasonable since it reflects common quality assessment thresholds found in other systematic review literature [23,24]. This threshold strikes a reasonable balance between the quality of the studies being assessed and the need to allow novel studies in the field of supply chain cybersecurity to be evaluated in an ever-changing environment.
Quality assessment scores were also utilized to provide a weighting factor when interpreting study findings. Studies with a quality assessment score of 4.0 or greater were assigned more prominence when synthesizing the results of key themes. Finally, the quality assessment was used to identify research gaps based on areas of the quality assessment instrument that received consistently low quality scores across multiple studies (i.e., studies that scored poorly in terms of data quality). The quality assessment ensured that the conclusions of the review were based on high-quality evidence while recognizing the limitations of lower-quality studies.

2.6. Data Extraction and Synthesis

For each study selected, the following were documented: publication year; journal; research focus and methodology; types of data and analyses; and threats, solutions, and technologies identified (ML, BI).
Both descriptive statistics and thematic coding were used to synthesize the data, which were also categorized by threat type, the ML/BI technique used, and the cybersecurity strategy identified in the studies.
These themes helped inform the conceptual framework developed, which is described in Sections 3 and 4.
A data extraction form was developed and tested on five studies before it was implemented on all included studies. Two researchers independently extracted data from each study and then compared the results to assess accuracy and consistency. Data collection continued until all included studies were exhausted. The researchers used NVivo 12 to support thematic coding and qualitative data analysis [3]. A thematic synthesis approach was employed to collate the findings into thematic categories, and a critical, interpretive analytic approach was used to identify key patterns, trends, and contradictions in the literature [21].

2.7. Justification of Sample Size

The sample of 35 articles selected from the peer-reviewed literature represents high-quality research that addresses the convergence of business intelligence (BI), machine learning (ML), and supply chain cybersecurity. Although the number of articles included in this sample appears to be limited relative to those included in more general systematic reviews, there are a number of justifications for the use of this sample size.
First, as noted previously, the research question examined in this dissertation is very narrow, specifically focusing on the integration of ML and BI in supply chain cybersecurity. This focus reduced the possible number of articles that could have been considered. Comparative systematic literature reviews in focused, emerging domains report similar numbers of articles. For example, Toorajipour et al. (2021) [25] identified 57 articles that utilized AI applications in supply chain management, which were published over a ten-year period (2009–2019). Therefore, the sample of 35 articles examined in this dissertation is consistent with the accepted normative practices for systematic reviews of specialized, emerging research areas.
Second, methodological quality was prioritized over quantity: all the included studies were assessed for quality based on the CASP criteria (a minimum quality of 2.5/5), enabling this study to combine evidence from studies with strong methodologies rather than from a large number of studies with low quality. Best practices for systematic reviews were followed by applying thresholds to the quality assessments to ensure that the methodological quality of the studies included in the synthesis was maintained.
Third, as supply chain cybersecurity is an area of rapid development, it is important to include recent studies. The selection was therefore limited to studies published since 2016, with a greater focus on studies published since 2020. This emphasis on recent studies captured current developments and emerging trends in the field. Concentrating on recent, high-quality research in this area supports the adequacy of the 35-article sample in addressing the research questions.
Finally, the level of analysis applied to each of the articles—with the use of detailed coding (of threat types, machine learning techniques, business intelligence applications, and organizational context)—provides comprehensive insight into the subject matter despite the relatively small sample size. This approach (prioritizing depth over breadth) is suitable for systematic reviews of emerging research areas, as the goal is to compile and synthesize existing knowledge (rather than provide a complete census of all published works).

3. Systematic Review Results

After following the systematic search design described in the previous section, the relevant studies were identified and analyzed. This section presents the review findings, starting with descriptive analysis, then organizing the findings into themes, assessing methodological quality, and reporting trends.

3.1. Descriptive Analysis

3.1.1. Study Distribution by Year of Publication, Journal, and Country

The 2020–2021 period had the most research (25.7%) on machine learning and business intelligence solutions for supply chain cybersecurity risk management of any period, as shown in Table 1. This indicates a growing focus on this domain after the COVID-19 pandemic highlighted major weaknesses in global supply chains. However, a slight drop in the 2024–2025 period (11.4%) may indicate an emerging research agenda or timing discrepancies due to delays in the publication of more recent research.
Investigation of the studies reported in this review revealed an increasing interest in applied research related to the amalgamation of machine learning and business intelligence in supply chain cybersecurity risk management. Table 1 indicates that the studies included in this review covered the period from 2016 to 2025; 25 percent of the total studies included were produced in the 2020 to 2021 period. The other periods had relatively stable output, and the projected period from 2024 to 2025 contains only 11 percent of the total studies included in this review. This trend depicts a growing awareness of the importance of understanding cybersecurity in relation to the continual digitalization of supply chains.
The evolution of research interest can be seen in Figure 2. As illustrated in Figure 2, although studies are dispersed throughout this time frame, there is a clear concentration of studies in 2020–2021, accounting for approximately one-quarter of all publications. It appears that in the early years (2016–2019), publication was fairly consistent, indicating that the field was being established. The recent surge in publications, as shown in Figure 2, indicates increasing research momentum regarding the intersection of machine learning and business intelligence for supply chain cybersecurity. It is only at this point that this intersection has received significant scholarly attention.
In terms of geographic distribution, most contributions came from the United States, United Kingdom, and China, indicating strong concentrations of expertise in these regions. In contrast, there is a gap in representation from developing regions and a need for more research conducted in different geographic areas.
With respect to journals, the studies included were published in a variety of journals focusing on supply chain management, information security, and computer science, highlighting the multidisciplinary nature of this topic. Examples of journals are the Journal of Supply Chain Management, Computers and Security, and the International Journal of Production Economics.

3.1.2. Distribution of Studies by Method

Table 2 presents a reasonably equal distribution of the different methodologies used in the studies included in this review, with a slight predominance of theoretical reviews (34.3%). This provides a more balanced assessment for this systematic review and an opportunity to evaluate the topic from multiple perspectives: theoretical reviews provide the underlying concepts, empirical studies (28.6%) offer quantitative evidence, case studies (22.9%) reveal the richness of context, and mixed-methods studies (14.3%) provide the best of both worlds.
Table 2 shows the distribution of included studies by methodology. There appears to be a relative balance between theoretical and applied approaches, as each methodology is fairly represented.
Figure 3 provides an overview of the methodologies used in the examined studies, suggesting approximately equal representation of quantitative and qualitative studies. The large number of quantitative studies (see the chart in Figure 3), which is primarily due to their empirical nature and the need for empirical verification of algorithms and systems within the area of study, suggests a technical basis for this body of knowledge. On the other hand, as indicated in Figure 3, there is a substantial number of qualitative studies that explore the implementation and operational aspects of these integrated systems in actual supply chain environments. While there were somewhat fewer mixed-method studies (as shown in the chart in Figure 3), they represent a valuable hybrid approach that can offer insight into both the empirical and contextual elements associated with the use of integrated ML-BI systems in supply chains. Overall, the diverse methodological approaches used in these studies enhance the credibility of this review, since they capture both the technical and practical aspects of using integrated systems in supply chain environments.
Theoretical reviews represented the largest percentage of all included studies (34.3%), followed by empirical studies (28.6%), case studies (22.9%), and finally mixed-methods studies (14.3%). This distribution helps articulate the diversity of methodologies regarding the study of machine learning and business intelligence integration in supply chain cybersecurity risk management.
This distribution of methodologies was beneficial for the review as it offers a broad understanding of the topic from different perspectives.

3.2. Thematic Categorization

3.2.1. Theoretical Walkthrough: Ransomware Threat Scenario

To further explain the layers that will be used as part of the proposed conceptual framework, this review provides an example scenario of a ransomware threat detected in a supply chain network.
The first layer is the machine learning predictive layer. This layer uses machine learning algorithms such as neural networks and random forests to examine historical attack trends and network traffic. As it does so, it recognizes anomalies that are indicative of ransomware propagation. In response, it generates a threat alert with a confidence score expressing the probability that the threat is indeed ransomware (e.g., 87%).
The next layer is the BI analytical layer. This layer receives the threat alert generated by the machine learning predictive layer and correlates it with other relevant data sets. These data sets include historical incident data and supply chain dependency data (i.e., which suppliers are impacted). The BI layer also includes data related to potential business impact assessments (i.e., what products may be impacted). As a result of correlating these data sets, the BI layer produces a comprehensive risk assessment dashboard that shows all of the affected entities and the potential business impact.
Next is the response and governance layer. In this layer, decision-makers view the risk assessment dashboard produced by the BI layer, along with the threat analysis. Then, based upon predetermined policies (e.g., to isolate affected nodes when the confidence level is greater than 80%), the decision-makers trigger either automated or manual responses.
Finally, there is the feedback loop layer. This layer records the outcomes of the response actions taken during the response and governance layer and feeds them back to the machine learning layer for continuous learning. As a result, the framework continuously improves its accuracy in detecting and responding to threats.
The above example illustrates how the layers work together to create an integrated approach to cybersecurity in supply chains.
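The hand-offs between the layers in this walkthrough can be traced in a short Python sketch. It is an added illustration, not code from this review or from any of the reviewed studies. The 87% confidence and the 80% isolation threshold come from the scenario; the node names, dependency and product maps, action labels, and the rule that a wide isolation needs human approval are constructed assumptions, and the ML model itself is represented only by its alert output.

```python
from collections import deque
from dataclasses import dataclass, field

# Constructed dependency map (assumption): an edge A -> B means B depends on A,
# so a compromise of A can cascade to B.
DEPENDENTS = {
    "supplier-a": ["plant-1"],
    "supplier-b": ["plant-1", "plant-2"],
    "plant-1": ["warehouse-x"],
    "plant-2": ["warehouse-x"],
    "warehouse-x": [],
}
# Constructed product map (assumption): products handled at each node.
PRODUCTS = {
    "plant-1": ["widget"],
    "plant-2": ["gadget"],
    "warehouse-x": ["widget", "gadget"],
}

ISOLATE_THRESHOLD = 0.80  # policy from the walkthrough: isolate above 80%
MAX_AUTO_NODES = 2        # assumption: a wider impact needs human approval


@dataclass(frozen=True)
class ThreatAlert:
    """Output of the ML predictive layer (the model itself is out of scope)."""
    node: str
    threat_type: str
    confidence: float  # probability in [0, 1]

    def __post_init__(self):
        if not 0.0 <= self.confidence <= 1.0:
            raise ValueError("confidence must be a probability in [0, 1]")


@dataclass(frozen=True)
class RiskAssessment:
    """Output of the BI analytical layer: what a dashboard would display."""
    alert: ThreatAlert
    affected_nodes: tuple
    affected_products: tuple


def bi_correlate(alert, dependents=DEPENDENTS, products=PRODUCTS):
    """BI layer: walk the dependency map breadth-first from the alerted node."""
    if alert.node not in dependents:
        raise KeyError(f"unknown supply chain node: {alert.node}")
    seen, queue = {alert.node}, deque([alert.node])
    while queue:
        for nxt in dependents.get(queue.popleft(), []):
            if nxt not in seen:  # guards against cycles in the map
                seen.add(nxt)
                queue.append(nxt)
    affected_products = sorted({p for n in seen for p in products.get(n, [])})
    return RiskAssessment(alert, tuple(sorted(seen)), tuple(affected_products))


def govern(assessment):
    """Response and governance layer: apply the predetermined policy."""
    if assessment.alert.confidence <= ISOLATE_THRESHOLD:
        return "analyst_triage"          # manual response
    if len(assessment.affected_nodes) > MAX_AUTO_NODES:
        return "isolate_after_approval"  # human signs off on a wide isolation
    return "auto_isolate"                # automated response


@dataclass
class FeedbackLog:
    """Feedback loop layer: outcomes become labelled data for the ML layer."""
    records: list = field(default_factory=list)

    def record(self, assessment, action, confirmed):
        self.records.append((assessment.alert, action, bool(confirmed)))

    def labelled_examples(self):
        # (alert, ground truth) pairs that a retraining job would consume.
        return [(alert, confirmed) for alert, _, confirmed in self.records]

    def precision_above(self, threshold=ISOLATE_THRESHOLD):
        # Share of above-threshold alerts that turned out to be real threats.
        hits = [ok for alert, _, ok in self.records if alert.confidence > threshold]
        return sum(hits) / len(hits) if hits else None


def run_scenario():
    """Push three constructed alerts through layers 2 to 4."""
    log = FeedbackLog()
    cases = [  # (alert, outcome later confirmed by responders)
        (ThreatAlert("supplier-b", "ransomware", 0.87), True),
        (ThreatAlert("plant-2", "ransomware", 0.91), False),  # false positive
        (ThreatAlert("supplier-a", "ransomware", 0.55), True),
    ]
    actions = []
    for alert, confirmed in cases:
        assessment = bi_correlate(alert)
        action = govern(assessment)
        log.record(assessment, action, confirmed)
        actions.append(action)
    return actions, log
```

The precision figure kept by the feedback log is the number to watch before widening automated isolation, since each false positive above the threshold cuts off a legitimate node.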

3.2.2. Classification of Machine Learning and Business Intelligence Techniques

A detailed categorization of the machine learning and business intelligence methodologies utilized in the included studies is provided in Table 3. The most frequently used machine learning techniques were neural networks (28.7%), demonstrating their comparative advantage in managing complex and unstructured data, particularly with respect to the data associated with cybersecurity threats. This was followed by predictive analytics (25.7%), which are helpful for predicting potential risks. Business intelligence dashboards were used in only 5.7% of studies, indicating that there is room for further research in regard to presenting machine learning results and implementing them. Further determining how to present and utilize machine learning outputs for decision-makers in an applicable way warrants sustained attention.
Table 3 shows a thematic classification of the machine learning and business intelligence techniques identified in the included studies. The techniques were classified into one of six main categories: neural networks, predictive analytics, supervised learning algorithms, unsupervised learning algorithms, Big Data analytics, and business intelligence dashboards.
Regarding the techniques used in the reviewed studies, as illustrated by the chart in Figure 4, there is a clear tendency to prefer some approaches over others. The most commonly used techniques are neural networks and deep learning techniques. These are often preferred because they have demonstrated success in identifying patterns and detecting threats. Predictive analytics was found to be a close second. This is to be expected due to its focus on predicting when an attack may occur. Traditional machine learning algorithms (such as SVMs and RF) are also present in Figure 4 and are still widely used for classification-type applications. Business intelligence techniques were less commonly referred to independently but, instead, were often referred to in conjunction with other techniques, such as those listed above, to form a larger data analysis framework. The distribution of these techniques, as referenced in Figure 4, illustrates a possible opportunity for further study, as there is a lack of studies focusing on how to best integrate the predictive power of machine learning with the analytical capabilities of business intelligence.
The technical landscape is dominated by neural networks (28.7%) and predictive analytics (25.7%), reflecting the immense capability of these technologies in managing complex datasets and revealing latent variables. Supervised (17.1%) and unsupervised (11.4%) learning algorithms are well-represented; although the balance between supervised and unsupervised learning techniques is worth considering in supply chain cybersecurity, supervised learning algorithms appear to be preferred.
The small percentages reported for Big Data analytics (11.4%) and business intelligence dashboards (5.7%) may indicate a gap in the literature pertaining to the use of these technologies for cybersecurity risk management in supply chains. This could be investigated later, coinciding with possible future studies on the integration of business intelligence and machine learning models to improve detection and response to threats.

3.2.3. Classification of Supply Chain Cybersecurity Threats

Table 4 provides a full categorization of the supply chain cybersecurity threats identified in the relevant studies. Data breaches (25.7%) and ransomware (22.9%) comprise almost 50% of the threats studied, underscoring the potential risks they pose to supply chains. Third-party vulnerabilities (20.0%) ranked third, emphasizing reliance on external vendors and partners, which increases the level of risk. The inclusion of third-party vulnerabilities echoes current trends in the security space, where threat actors will increasingly target the weakest links in the supply chain.
Table 4 illustrates a comprehensive classification of supply-chain-related cybersecurity threats, as identified in the included studies. The threats were classified into eight different categories, including ransomware, data breaches, phishing threats, supply-chain breaches, insider threats, denial-of-service attacks, AI-based attacks, and IoT vulnerabilities.
Figure 5 illustrates the typology of supply chain cybersecurity threats, showing that data breaches (25.7%) and ransomware attacks (22.9%) account for the largest share of researched threats, followed by third-party threats (20.0%), indicating their significant impact on supply chain security in the digital economy. IoT threats (17.1%) and supply chain breaches (14.3%) further indicate that modern supply chains are vulnerable to a wide range of potential cybersecurity challenges.

3.3. Industry Standard Alignment

The proposed ML-BI framework was created to address supply chain cybersecurity issues and adopts many practices currently used in the industry. The proposed ML-BI framework has been mapped to the NIST Cybersecurity Framework’s five core functions, which cover all types of cybersecurity risk management activities [26]. As part of the identify function, business intelligence can provide visibility into an organization’s supply chain assets and vulnerabilities across the network. Using machine learning, the protect function provides appropriate protection mechanisms based on threat patterns and previous attacks. The detect function uses machine learning models’ real-time threat detection ability to constantly monitor network traffic and system behavior for abnormal activity indicating a cyber threat. The respond function uses business intelligence dashboards to support informed, context-aware decisions while responding to an incident. The recover function uses historical data analysis to create recovery plans that will help an organization become more resilient to future cybersecurity incidents.
The proposed framework provides support for the key requirements outlined in the ISO 27001 Information Security Management framework [27]. Data from multiple sources can be combined to present a complete view of risk by using business intelligence (BI) analytics for enhanced risk assessment based on systematic methodologies. Use of BI for continuous monitoring is achieved through real-time threat identification using machine learning (ML) to detect developing threats in real time. Evidence collection for regulatory audits is supported by the framework’s business intelligence reporting capability, which is leveraged to document an organization’s security-related activity and responses in a comprehensive log format.
Compared to NIST CSF and ISO 27001, which are generic frameworks, the proposed ML-BI framework focuses on how these two technologies can be integrated within supply chain contexts, an under-researched area, to provide a practical resource for practitioners [2,18].

3.4. Methodological Quality Assessment

The results of the methodological quality assessment of the included studies are presented in Table 5. The methodological quality aspect scored the highest (3.8 out of 5) on average, showing that most studies applied reasonable and transparent procedures; however, data quality received the lowest average score (3.2) and highest standard deviation (1.1), indicating more variability in the quality of the data. Overall, the studies had an average quality score of 3.5, which indicates moderate to strong quality, lending credibility to the results of this systematic review.
The results of the methodological quality assessment of the studies included in this review are summarized in Table 5. The assessment utilized the framework described in Section 2.5. In this review, each study was assessed on a 5-point scale in six areas: methodological rigor, theoretical foundation, data quality, analytical approach, practical implications, and overall quality.
Table 5 shows the methodological quality scores for the included studies. The average score for methodological rigor was the highest (3.8 out of 5), and data quality received the lowest average score (3.2). Methodological quality was moderate to strong (3.5), supporting the claims and recommendations of this review.
The overall average quality of all the studies was 3.5 out of 5, which indicates good methodological quality. Practical significance had the highest average score without comparison elements (4.2), supporting the notion that research in this area is focused on practice. Relevance and methodology both had good average scores of 3.9 and 3.7, respectively.

3.5. Publication Trends

Table 6 shows the publication patterns from 2016 to 2025. The methodological emphasis clearly shifts from theoretical studies in 2016–2017 to applied studies in 2024–2025, indicating a maturation of the field and a desire to pursue real-life applications. Additionally, the level of ML-BI integration in articles published from 2016 to 2025 increased steadily (early—low; most recent—high). This trend corroborates the perceived importance of the integrated approach in addressing supply chain cybersecurity problems.
Table 6 summarizes a systematic examination of the articles published year by year, along with their areas of focus. The data show that studies were randomly distributed during this time frame, with the most concentrated period being 2020–2021 (9 studies, 25.7% of total), followed by 2018–2019 (8 studies, 22.9%), while 2016–2017 and 2022–2023 had equal amounts (7 studies, 20.0% each), and 2024–2025 had the lowest number of studies at 4 (11.4%).
Table 6 provides a broad overview of the literature on the intersections of machine learning and business intelligence for supply chain cybersecurity risk management. There is considerable variability in the journals in which the studies were published, which reflects the diversity of the topic. More recently published studies (2022–2025) seem to have a larger emphasis on practical use and integrated solutions than earlier published studies (2016–2019), which primarily focused on identifying problems and challenges. These differences reflect the maturation of the field from identifying problems and challenges to implementing solutions.
In terms of focus areas, the thematic focus of supply chain risk transitioned from general studies of supply chain risks (2016–2017) to focused study of cybersecurity applications (2018–2021) and eventually to the impact of machine learning and business intelligence on cybersecurity frameworks (2022–2025). This shift in focus area indicates the developing maturity of the field and the increasing complexity of today’s supply chain challenges.

4. Discussion

The following section interprets the findings of the systematic literature review by discussing themes, gaps in knowledge, and implications of incorporating machine learning and business intelligence in the cybersecurity context for the management of risk in supply chains.

4.1. Key Themes and Trends

The results of this review suggest that interest in the intersection of cybersecurity and supply chain management is increasing, particularly as digitalization and the use of AI continue to rise. Thematic trends that were consistently observed are described below.

4.1.1. A Focus on Ransomware and Phishing Attacks

There is considerable variation in how ransomware works depending on the type, but most ransomware attacks follow an almost identical process of gaining initial access, moving laterally, escalating privileges, and lastly encrypting and extorting [28]. There are a number of ways that machine learning (ML) models can help detect anomalous network behavior when the attacker moves laterally through the network; there are also a number of ways business intelligence (BI) models can graphically display the attacker’s path and provide guidance to help incident response teams determine which actions to take [4].
A data breach can be either an external data breach (unauthorized access) or an internal data breach (insider threat) [7]. The requirements for detecting these two types of breaches are quite different [2]. External breaches tend to leave behind network-level signs and footprints that are easily detectable by ML models [19]. Insider threats, however, require behavioral analytics that use both pattern recognition from ML models and contextual analysis of user activity using BI models [7].
Third-party vulnerabilities are another area in which organizations face unique challenges because they are beyond the organization’s direct control. ML models can evaluate vendor risk scores based on historical data; BI models can map supply chain dependencies and graphically display the cascading risks associated with third-party vulnerabilities [4].
Interestingly, although numerous articles have been published on advanced persistent threats (APTs), it appears that there has been limited research on this subject area. Although there are many characteristics that define APTs, one commonality is their ability to persist within an organization’s system for extended periods of time and use sophisticated techniques to evade detection [21]. As such, APTs require organizations to implement integrated ML-BI models that enable them to perform real-time anomaly detection alongside longitudinal behavioral analysis. Unfortunately, this capability was missing in over 91.4% of the studies examined [4].
Zero-day vulnerabilities are also an under-researched topic in the information security field. Zero-day vulnerabilities are difficult to study and therefore train ML models against due to their novel nature and the fact that there is no prior historical data available to train against [19].
As Hammi et al. [29] commented, “digital supply chain threats are evolving at a speed faster than this review is able to mitigate them”. This suggests that there is a high demand for what may be perceived as a systematic, proactive, or anticipatory approach to get ahead of and prepare for emergent threats.

4.1.2. Prominent Use of Supervised Machine Learning Models

The studies reviewed predominantly examined supervised learning approaches (e.g., SVM, ANN, regression), while few studies explored unsupervised and/or reinforcement learning models. There is also a lack of studies testing multiple machine learning models against one another in the literature.
As Pandey et al. [30] argue, despite its potential, this review scratches the surface regarding use of machine learning in supply chain risk management, with little attention given to whether different algorithms are superior for different threat scenarios.

4.1.3. Fragmented Use of Business Intelligence Tools

Business intelligence tools were mentioned often in the studies, yet their actual use with cyber risk models was nominal. The majority of studies described business intelligence purely in terms of dashboards or retrospective-type analytics, without investigating its potential application as a process to predict cyber risks either in real time or proactively.
As Bharadiya [4] suggests, the challenge is to make business intelligence a predictive process tool, rather than a diagnostic one, that can be run with machine learning algorithms to provide more complex views of cyber risk.
BI has been limited by several other factors, such as “data silos” (in other words, the data required to use BI is often not available). The cost and complexity of implementing BI software is also an issue, especially for small businesses. Additionally, there is a lack of qualified people who have experience in both BI and supply chain management [20].

4.1.4. Infrequent Application of Hybrid Frameworks

Few papers described integrated frameworks or models that employed business intelligence and machine learning capabilities to perform threat detection on real-time data and support strategic planning. The overall implication is a need for more converged architectures.
This review considers the evolution of complexity in solutions over time. In 2016–2018, the majority of solutions examined single applications of either machine learning or business intelligence, i.e., there was minimal interest in integrated technologies. In 2019–2021, studies began examining the combined effects of both technologies but typically in a limited and/or experimental sense. In 2022–2025, there are several documented examples of more consolidated integrated frameworks that combine machine learning’s predictive capabilities with business intelligence’s analytical capabilities in solution development. This progression likely demonstrates a better understanding of the need for integrated approaches to address the complexities of cybersecurity in current supply chains.

4.1.5. Threat-Specific Analytical Approaches

Different types of cyber threats require differing analytical techniques. For example, to detect ransomware, an analyst may use a combination of anomaly detection to detect unusual access to files and behavior detection to find the encryption routine [28]. In comparison, to detect data breaches, especially when they are committed by insiders, an analyst would employ a unique combination of user behavior analytics (UBA) to monitor and analyze user behaviors and access control monitoring (ACM) to identify data exfiltration [7]. As APTs can remain in place for months or years at a time and operate under stealth, APT detection requires longitudinal behavioral analysis and sophisticated pattern recognition to discover these persistent threats [31]. Finally, due to their very nature, zero-day attacks cannot be identified using signature-based methods. Therefore, we require new methods for identifying these attacks, as well as robust risk assessment to manage unknown factors [19].

4.2. Identified Research Gaps

Gaps were identified from the examined literature and are described below.

4.2.1. Methodological Gaps

The methodological gaps can be classified into three categories. The first is empirical validation, as many of the reviewed papers (65.7%) are either theoretical/conceptual in nature or contain very little empirical evidence to support the use of their proposed frameworks. Second are comparative studies, as there is a lack of comparative studies among the papers reviewed. Only 11.4% of the reviewed studies included comparisons of multiple machine learning (ML) algorithms that can be applied to the same type of threat. Finally, there is a gap in longitudinal research: there were no studies that examined the effectiveness of machine-learning based behavioral intelligence (BI) systems over an extended period.

4.2.2. Technological Gaps

The technological gaps present in the literature can be classified into three categories. The first gap is real-time analytics, as very few studies (only 8.6%) incorporated real-time analytics into their analysis using edge computing or stream analytics, even though there are many delay-sensitive applications in which this is necessary. Second, there is a gap regarding explainable artificial intelligence, as there is very little research on the use of interpretable machine learning models to support cybersecurity-related decision-making. The final gap to consider is scalability, as there are very few studies that discuss how integrated systems would operate at an enterprise level.

4.2.3. Contextual Gaps

Contextual gaps can be classified into three categories: first, there is geographic bias, where a large number of the papers reviewed (71.4%) were written in the context of developed countries (US, UK, and EU). Second, there is sectoral bias, as manufacturing and logistics are by far the most represented sectors in the papers reviewed, and healthcare, agriculture, and energy are all relatively underrepresented. The final contextual gap relates to organization size, with very little research on the specific challenges and solutions associated with small–medium-sized enterprises (SMEs).

4.2.4. Theoretical Gaps

The theoretical gaps can be classified into three categories. The first is a framework for integration: there is no complete theoretical framework that describes how machine learning and business intelligence should be combined. Second, trade-off analyses are lacking; there is limited study of the trade-offs between the accuracy and interpretability of machine learning models. Finally, there is a theoretical gap regarding governance models, where human–machine collaboration frameworks have received insufficient attention.
In addition to addressing the gaps discussed above, it is imperative to conduct studies on the implementation challenges related to executing the integrated solutions. The majority of current studies are either technical or theoretical, with little consideration of the organizational or human aspects that influence the response to integrated solutions. Additionally, the vast majority of studies provide no analysis of the cost-related benefits of the proposed solution, which is important for decision-makers to consider. There are also concerns related to the adaptation of integrated solutions for different organizational types and sizes, ranging from small and medium businesses to multinational corporations.

4.3. Implications for Research and Practice

4.3.1. For Researchers

Researchers have great opportunities to move past conceptual thinking and generate and empirically test a variety of frameworks integrating machine learning and business intelligence as part of cybersecurity for supply chains. Future work should investigate hybrid models and the comparative interpretation of data across threat types.

4.3.2. For Practitioners

For supply chain managers and CISOs, frameworks integrating predictive analytics (ML) and interpretative dashboards (BI) to enable monitoring of threats in real-time offer opportunities for significant development. Developing modular, domain-specific toolkits to enhance practice and adoption is a recommendation worthy of consideration.

4.3.3. For Policymakers

Policymakers need to establish guidance for cybersecurity standards for AI-enabled supply chains, particularly in terms of data privacy, model transparency, and accountability.

4.3.4. Key Recommendations

The results of this systematic review have produced recommendations for researchers, practitioners and policymakers with respect to machine learning (ML) and business intelligence (BI).
Researchers should focus on three major areas of research to further enhance business intelligence analysis with predictive machine learning (BI-ML) techniques. The first area is the integration of predictive machine learning techniques into business intelligence analytic systems to develop hybrid systems capable of identifying a variety of threats. The second is comparing various predictive machine learning algorithms to identify optimal algorithms by type of threat in various supply chain settings. The third is examining geographic and industry-specific gaps and using this information to design BI-ML systems tailored to the needs of small–medium-sized enterprises and developing countries with limited resources.
Practitioners are encouraged to develop an incremental or phased plan for implementing BI-ML systems. The process of developing this plan will include a pre-implementation assessment of data quality and incremental implementation to minimize organizational disruption. The plan also is expected to outline clearly established governance policies regarding the use of the implemented system(s). The recommendations provided in this systematic review identify and address many of the practical problems and concerns associated with the integration of BI-ML systems, as reported by the authors of the 35 studies reviewed.
Policymakers need to create regulatory systems that support innovation while providing a secure environment. Guidelines for developing AI-enabled cybersecurity policies and incentives to encourage small-to-medium-sized businesses to implement BI-ML within their operational practices are also needed. The aforementioned policy interventions can be used to bridge the systemic gaps identified in the literature and promote greater use of an integrated approach to cybersecurity.

4.4. Ethical and Legal Considerations

The combination of machine learning and business intelligence in supply chain cybersecurity requires many ethical and legal considerations. Thus, organizations must consider each one very carefully.
The review shows that automated decision-making can amplify governance risk: flawed algorithms can create failures in all aspects of supply chains. If an ML model incorrectly classifies a valid (and therefore non-threatening) supplier as a threat, then the automated response may disrupt supply chain activities and negatively affect existing business relationships. Thus, organizations have to implement robust governance mechanisms, including some form of human oversight, to help reduce these types of risks. Organizations also need to develop clear governance structures that define when human intervention is needed, who will be responsible for reviewing decisions made by automated systems, and who is ultimately accountable for the actions of those automated systems [4,10].

4.4.1. Algorithmic Bias and Fairness

When using machine learning models trained on historical threat data, there is the potential that the models could develop bias, resulting in a disproportionate level of scrutiny for particular vendors or partners [17]. Organizations must establish bias auditing processes and confirm that automated decisions cannot discriminate against specific suppliers in their supply chain [19].
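One way to run such a bias audit is to compare false-positive rates across supplier segments, because a false positive is the case in which a legitimate supplier receives unwarranted scrutiny. The Python example below is added here and does not come from the reviewed studies; the segment names, the alert history, and the `max_ratio` and `min_benign` thresholds are constructed assumptions.

```python
from collections import defaultdict


def _rows(segment, benign_flagged, benign_clear, malicious_flagged=0):
    """Build constructed (segment, model_flagged, confirmed_malicious) records."""
    return ([(segment, True, False)] * benign_flagged
            + [(segment, False, False)] * benign_clear
            + [(segment, True, True)] * malicious_flagged)


# Constructed alert history; segment names and counts are illustrative only.
ALERT_HISTORY = (_rows("domestic", 2, 18, malicious_flagged=2)
                 + _rows("overseas_sme", 4, 6, malicious_flagged=1)
                 + _rows("new_vendor", 2, 1))


def benign_alert_counts(records):
    """Return {segment: (benign_flagged, benign_total)}.

    Confirmed-malicious events are skipped: flagging them is warranted
    scrutiny, so only alerts on benign activity can indicate bias.
    """
    counts = defaultdict(lambda: [0, 0])
    for segment, was_flagged, malicious in records:
        if malicious:
            continue
        counts[segment][1] += 1
        counts[segment][0] += int(was_flagged)
    return {seg: tuple(c) for seg, c in counts.items()}


def audit_bias(records, max_ratio=1.25, min_benign=5):
    """Compare each segment's false-positive rate with the overall rate.

    A segment is 'disparate' when its FPR exceeds max_ratio times the
    overall FPR. Segments with fewer than min_benign benign events are
    reported as 'insufficient_data' instead of being judged on noise.
    """
    counts = benign_alert_counts(records)
    total_flagged = sum(f for f, _ in counts.values())
    total_benign = sum(b for _, b in counts.values())
    overall = total_flagged / total_benign if total_benign else 0.0

    report = {}
    for segment, (flagged, benign) in counts.items():
        fpr = flagged / benign  # benign >= 1 for every key in counts
        if benign < min_benign:
            status = "insufficient_data"
        elif overall > 0 and fpr / overall > max_ratio:
            status = "disparate"
        else:
            status = "ok"
        report[segment] = {"fpr": fpr, "benign": benign, "status": status}
    return report


if __name__ == "__main__":
    for segment, row in sorted(audit_bias(ALERT_HISTORY).items()):
        print(f"{segment:14s} fpr={row['fpr']:.2f} n={row['benign']:3d} {row['status']}")
```

A segment reported as `disparate` is a prompt for review of the training data and features behind the alerts, not proof of discrimination on its own.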

4.4.2. Data Privacy and Sovereignty

Integrated machine learning–business intelligence systems must collect large amounts of data from all supply chain participants, which results in concern over data privacy and cross-border data transfers [4]. As a result, organizations that operate in multiple jurisdictions must determine which sets of regulations they need to comply with, including but not limited to the General Data Protection Regulation (“GDPR”) in Europe; California Consumer Privacy Act (“CCPA”) in California; and emerging Data Localization Laws in Asia [29].

4.4.3. Accountability and Transparency

When automated systems make recommendations regarding cybersecurity-related decisions, issues of accountability arise [4]. If an automated system fails to identify a threat or produces a false positive that disrupts operations, determining responsibility is complicated [10]. In addition, the “black box” nature of many machine learning algorithms makes accountability even more complicated when trying to explain an automated decision to stakeholders or regulators [17].

4.4.4. Human Oversight and Autonomy

Although automation can increase the speed of response, there is a risk that over-reliance on automated systems could lead to a loss of human expertise and judgment [4]. Therefore, organizations must find a balance between the efficiency gains of automation and the need for meaningful human oversight, especially in regard to high-stakes decisions such as terminating vendor relationships or initiating incident response protocols.

4.4.5. Regulatory Compliance

New regulations, including the European Union’s Artificial Intelligence Act, impose requirements on the use of high-risk artificial intelligence systems, including those used to protect critical infrastructure [2]. As a result, organizations that deploy machine learning–business intelligence-based cybersecurity systems must remain compliant with evolving regulatory frameworks, which requires documentation of how the model was developed, tested, and monitored [2].

4.5. Theoretical Tensions in ML-BI Integration

Several theoretical tensions exist in the combination of machine learning and business intelligence in supply chain cybersecurity that have not been sufficiently examined in prior research.
Real-time decision-making creates additional tension in dynamic supply chain environments; this tension adds to the previously discussed issues of speed vs. accuracy. The ability to make accurate decisions (based on high-quality predictions) while also making those decisions as quickly as possible due to the dynamic nature of the environment and the time-sensitive nature of many decisions is a critical issue. In addition, the tension between predictive accuracy and model interpretability increases when automated systems are used to make high-stakes decisions and have the potential to impact the risk exposure of the organization [10,17].

4.5.1. Trade-Off Between Model Performance (Prediction Accuracy) and Model Interpretability

Machine learning models can provide greater predictive performance (i.e., prediction accuracy) than traditional models. However, these models typically do not support interpretability (i.e., they cannot provide explanations for their predictions). Traditional models (e.g., decision trees, logistic regression) are more interpretable; however, they tend to lack predictive performance [17]. This trade-off between predictive performance and model interpretability is of particular concern in the field of cybersecurity, where organizations require both accurate and transparent threat detection [2].
Therefore, future research should investigate hybrid methods of combining the high predictive performance of complex machine learning models with post hoc explanation methodologies to increase model interpretability.

4.5.2. Trade-Off Between Automated Decision-Making and Human Oversight

Machine learning has the potential to enable rapid automated threat detection and response capabilities that far surpass those of human analysts [17]. However, fully automated decision-making systems can potentially create incorrect responses that result in harm or loss [4]. Business intelligence provides humans with information to make informed decisions; however, the use of business intelligence delays the decision-making process [20].
It is likely that the appropriate level of human oversight for automated decision-making will vary depending upon the specific characteristics of the threat(s) being detected, the organizational culture, and the acceptable level of risk. Therefore, it is necessary to develop frameworks that dynamically adjust the degree of automated decision-making versus human oversight based upon situational factors.

4.5.3. Trade-Off Between Standardization and Customization

Standardizing machine learning and business intelligence frameworks offers organizations advantages such as reduced costs associated with knowledge development and sharing among organizations [5]. However, cyber-threats are typically unique to each organization’s supply chain environment and require customized solutions [32].
This trade-off between standardization and customization of machine learning and business intelligence frameworks in supply chain cybersecurity suggests a need to design modular frameworks that allow organizations to select from a variety of pre-developed components that can be customized to their needs.

4.5.4. Trade-Off Between Proactive Threat Detection and Reactive Incident Response

Machine learning algorithms are capable of identifying patterns in large datasets, which supports reactive threat detection. While some machine learning-based predictive capabilities exist, they are currently constrained due to the emergent nature of many cyber-threats [17]. In addition, business intelligence applications are commonly used for retrospective analysis of past events; however, they can also be employed for real-time monitoring [19].
While both proactive and reactive approaches to detecting and responding to cyber-threats are important, the majority of existing implementations are reactive in nature [32]. Therefore, the trade-off between proactive threat anticipation and reactive incident response represents a gap in the literature that warrants further investigation.

5. Proposed Conceptual Framework

After conducting an extensive evaluation of the literature, a conceptual framework is proposed. Each level of the model has been inductively derived from the 35 studies evaluated in this review: the predictive level is predicated upon prior research regarding anomaly detection via machine learning [7,16], the analytical level is predicated upon research on business intelligence (BI) as a decision support tool [4,33], and the governance level is predicated upon research into cybersecurity incident response policy and practice [31,34].
The model is characterized by four main attributes. First, it is holistic: it covers the entire lifecycle of an event or incident from when data are captured to response and then governance. Second, it is integrated: it integrates the predictive power of machine learning with the analytical power of business intelligence. Third, it is flexible: it can be customized to meet the needs of multiple organizations and supply chains. Fourth, it is practical: it provides a clearly defined structure regarding who does and delivers what at each level.
As shown in Figure 6, the framework has four interacting layers that complement each other to create a holistic approach to cybersecurity risk management in supply chains.
The proposed machine learning-based business intelligence (ML-BI) model comprises four highly interrelated layers. Layer 1 is the Data Collection and Management Layer. It collects all types of security-related events throughout the supply chain system. Layer 2 is the Predictive Layer, which utilizes machine learning algorithms for anomaly detection and identification of potential threats within the supply chain data. Next is Layer 3, the Analytical Layer. It uses business intelligence tools to assess the severity and impact of identified threats. Finally, Layer 4 is the Response and Governance Layer. It combines insights from previous layers to support strategic cybersecurity decisions and organizational response protocols. The layers operate in a continuous loop, with each one providing output that feeds into the next layer to facilitate continuous improvement in the quality of threat detection and decision-making.
Table 7 summarizes the framework’s four distinct layers, which interact with one another.

5.1. Data Collection and Management Layer

This layer provides the foundation for the architecture’s framework and is where data are collected from multiple input points along the entire supply chain. Existing research supports the use of data collection as a vital component of cybersecurity analytics [22]. Data quality and the integration of data can impact the effectiveness of analytics in the following layers. This layer includes transaction data, network and security data, Internet of things (IoT) devices, and threat intelligence.
In this layer, the data are managed, and quality, integration, and security processes are undertaken. It forms the basis for advanced analytic operations in the layers above.

5.2. Machine Learning Predictive Layer

The Predictive Layer employs machine learning algorithms to prepare raw data, find patterns in that raw data, and determine if there are anomalies in the raw data that may indicate potential security threats [17]. Neural networks and deep learning models are effective at detecting anomalies related to cybersecurity [17]. Additionally, ensemble techniques demonstrate superior performance in threat classification applications [26].
The machine learning predictive processing layer operates in an ongoing fashion with the intent of detecting risks/making informed recommendations in real time while consistently improving the specificity (probability) of the machine learning process through iterative learning.

5.3. Business Intelligence Analytical Layer

The Business Intelligence Data Analytics Layer creates actionable insights for users based on the outputs of the machine learning predictive layer. Bharadiya (2023) [4] suggests that integrating the outputs of a machine learning model with business intelligence visualization tools greatly improves how well an organization’s decision-makers understand the outputs of the model and speeds up their responses to those outputs. Kourtit et al. (2017) [34] show that the use of real-time dashboards in complex operational environments increases situational awareness of the environment.
The outputs are meaningful because they can assist in explaining risks, exploring the potential nature of the impact of risks on financial performance and operational efficiency within supply chain contexts, and informing decision-making.

5.4. Response and Governance Layer

The Response and Governance Layer is the last interconnected module of the framework, which takes all of the analytical data from previous modules and converts it into specific, actionable cybersecurity measures. There are four approaches used by the Response and Governance Layer to convert the data into specific cybersecurity measures: automatic response protocols for high-confidence threats; decision support tools to help manage complex threat scenarios; ongoing policy and governance framework refinement to handle an ever-evolving threat landscape; and a continuous learning process that integrates human expertise and automated capabilities to continually improve system performance and organizational resilience. The integrated framework is a comprehensive method of managing cybersecurity risks to supply chains. It takes full advantage of the predictive power of machine learning and the diagnostic and descriptive powers of business intelligence to make overall security more resilient [35,36].
It is also worth reiterating that the four layers of the conceptual framework are not completely separate and run together in a dynamic and ongoing manner. For example, the information derived from the business intelligence analytical layer could improve machine learning algorithms in Layer 2 (predictive), while decisions made in Layer 4 (response and governance) may generate new data that contributes to Layer 1 (data collection and management). This is critical to maintain continuous feedback and improvement within the framework while adapting to changes in threats and the supply chain environment. The close coupling between layers will also ensure that there are no “blind spots” in the risk management system, because different aspects of the cybersecurity risk management lifecycle are captured by each layer [37].

5.5. Framework Application Example: Ransomware Threat Scenario

To demonstrate the feasibility of using the four-layer ML-BI model to address real-world cyber-attacks on supply chains, this section outlines a hypothetical scenario in which a ransomware attack is identified as having occurred through a supply chain partner. The example illustrates the interplay of the layers of the model in supporting complete identification, assessment, and response to potential cyber-threats; it therefore supports the claim that the four-layer ML-BI model can be effectively utilized to identify and manage the risk of cyber-threats across interconnected supply chain networks.
The data collection and management layer is the first step in the analytical process. It begins collecting various types of logs from all of the partner organizations’ IT infrastructures. These include logs from firewalls, endpoint detection and response (EDR) systems, and access controls. The unformatted raw data collected consist of important attributes including time stamps, user IDs, how users are accessing the system, what files users have accessed, and how users are using the network. All of this raw data is then formatted and normalized to be compatible with both the machine learning algorithm and the business intelligence reporting tool(s) [35,36]. Approximately 2.5 million unique events were collected within a 24 h monitoring window. The data collected provides a complete dataset for further analytics activities.
Upon completion of the data collection process, the machine learning predictive layer uses neural networks that have been trained using historical data relating to ransomware attacks to analyze the normalized dataset and generate an indicator-based determination regarding whether the threat is indicative of active propagation. Based upon analysis of the analytical outputs produced by the machine learning model, several significant conclusions are derived: detection of ransomware activity has a confidence level of 87% and a confidence value of 0.92 which is indicative of a high degree of reliability in predicting the occurrence of such activity. The systems most likely to be compromised are inventory management systems (probability = 95%), payment-processing systems (probability = 78%), and customer databases (probability = 65%). In addition, based upon analysis of the machine learning model’s analytical outputs, the threat was determined to be in the lateral movement phase (i.e., the privilege escalation activity), and the estimated timeframe for critical system compromise was determined to be between 4 and 6 h from the current time frame. Ultimately, the threat was assigned the highest possible priority rating (i.e., immediate action) so as to preclude continued propagation of the threat and to avoid the possibility of encrypting sensitive data. Collectively, these determinations provide a clear indication of the severity and breadth of the threat, thereby providing a basis for informed decision-making at subsequent framework layers.
The business intelligence analytical layer then combines these machine learning predictions with other relevant business context through an interactive dashboard to give the business decision-maker the full picture of the situation from operational, financial, and compliance perspectives. When the analyses are combined, it shows that the financial loss due to this breach is likely to be around $2.3 million in indirect losses; it also appears as though 12 down-stream partners may be impacted by supply chain effects within a 24 h time frame. Additionally, the inventory management system will be impacted and would be considered mission critical with a 99.995% availability rate. From a regulatory compliance standpoint, there are potential General Data Protection Regulation (GDPR) violations with associated fines of up to 4% of annual revenue if customer data is breached. This multi-faceted intelligence is presented to the user in an interactive visual interface format to show the attack timeline, hierarchical representation of the affected systems, financial impact assessment projections, and evidence-based recommendations for response action with associated outcome projections. This enables users to have a common understanding of both the technical and business aspects of the identified threats within a single analytical framework.
The Response and Governance Layer is the last of the three components of the framework that allows for the translation of output from the analytical layer into actual action. It does so by automating predefined governance protocols and decision-support mechanisms. When the Response and Governance Layer receives business intelligence assessments, it will trigger an immediate automated response process. This includes isolation of the network of affected systems, which is initiated within 2 min of detection, and the initiation of automated alert escalation protocols that simultaneously send notifications to the Chief Information Security Officer (CISO), Chief Financial Officer (CFO), and Incident Response Team Members. The Response and Governance Layer will also begin the formal incident response process by activating forensic investigation teams and external incident response consultants. It will also send automatic alert notifications to the identified downstream partners, along with precautionary recommendations to help mitigate the effects of a cascade across the supply chain. The Response and Governance Layer will create comprehensive compliance documentation by automatically logging all actions taken during the response process to enable traceability, meet regulatory reporting requirements, and comply with insurance claim processes.
The decision support functionality in this layer provides three potential response options: Option A—system restoration from backups stored 48 h prior to the detection of the breach, with an estimated recovery time of six hours and data loss of approximately two days; Option B—system restoration from backup files stored 24 h prior to the detection of the breach, with a reduced estimated recovery time of four hours and data loss of one day; and Option C—direct negotiation with threat actors at an estimated cost of between $500,000 and $1 million, with an estimated recovery time of approximately twenty-four hours and associated legal and compliance risks. After conducting a complete risk–benefit analysis, the Response and Governance Layer recommends Option B as the best course of action, as it provides the fastest system restoration with acceptable levels of data loss, ensures compliance with regulations, and provides the greatest applicability to the insurance coverage.
This example illustrates how the model can be integrated with both predictive (machine learning) and analytical (business intelligence) tools to provide decision support at a governance level. The model would also transform all available data generated by an organization’s systems into actionable information about potential threats that can help organizations make decisions based on both the financial and operational impact of those threats, as well as regulatory concerns that exist within the entire supply chain network.
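The Layer 4 behaviour in this scenario, combined with the situational adjustment of automation versus human oversight called for in Section 4.5.2, can be expressed as a small response policy. The Python example below is added here and is not the authors' implementation; the probabilities, the time-to-compromise window and Options A to C come from the scenario, while every threshold, the `reversible` flag, Option C's data-loss value and the ranking rule are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Detection:
    confidence: float           # Layer 2 model confidence, 0..1
    system_risk: dict           # system name -> probability of compromise
    hours_to_compromise: tuple  # (low, high) estimate until critical compromise


@dataclass(frozen=True)
class RecoveryOption:
    name: str
    recovery_hours: float
    data_loss_days: float
    compliance_risk: bool       # carries legal or compliance risk


# Values taken from the ransomware scenario in Section 5.5.
SCENARIO = Detection(
    confidence=0.92,
    system_risk={"inventory_management": 0.95,
                 "payment_processing": 0.78,
                 "customer_database": 0.65},
    hours_to_compromise=(4, 6),
)
OPTIONS = [
    RecoveryOption("A", recovery_hours=6, data_loss_days=2, compliance_risk=False),
    RecoveryOption("B", recovery_hours=4, data_loss_days=1, compliance_risk=False),
    # The page gives no data-loss figure for Option C; 0 is an assumption.
    RecoveryOption("C", recovery_hours=24, data_loss_days=0, compliance_risk=True),
]

# Assumed policy constants; none of these values appear in the article.
MIN_MODEL_CONFIDENCE = 0.80  # below this, nothing is automated
BASE_AUTO_THRESHOLD = 0.90   # per-system probability needed to act unattended
URGENT_HOURS = 6             # compromise expected within this window is urgent
URGENCY_RELIEF = 0.15        # how far the threshold drops when urgent


def auto_threshold(detection):
    """Lower the automation bar when little time remains for a human to act."""
    soonest, _ = detection.hours_to_compromise
    if soonest <= URGENT_HOURS:
        return BASE_AUTO_THRESHOLD - URGENCY_RELIEF
    return BASE_AUTO_THRESHOLD


def route_actions(detection, action="isolate", reversible=True):
    """Decide per system whether an action runs unattended or goes to an analyst.

    Irreversible actions (for example ending a vendor relationship) and
    low-confidence detections always go to a human, whatever the urgency.
    """
    if not reversible or detection.confidence < MIN_MODEL_CONFIDENCE:
        return {name: "analyst_review" for name in detection.system_risk}
    threshold = auto_threshold(detection)
    return {name: ("auto_" + action if risk >= threshold else "analyst_review")
            for name, risk in detection.system_risk.items()}


def recommend_option(options):
    """Rank options: no compliance risk first, then fastest recovery, then least loss."""
    if not options:
        raise ValueError("no recovery options supplied")
    return min(options, key=lambda o: (o.compliance_risk,
                                       o.recovery_hours,
                                       o.data_loss_days))


def respond(detection, options):
    """Return the routing decisions, the recommendation and an audit trail."""
    routes = route_actions(detection)
    choice = recommend_option(options)
    audit = [{"system": name, "decision": decision,
              "threshold": auto_threshold(detection)}
             for name, decision in sorted(routes.items())]
    audit.append({"recommended_option": choice.name})
    return routes, choice, audit


if __name__ == "__main__":
    routes, choice, audit = respond(SCENARIO, OPTIONS)
    for entry in audit:
        print(entry)
```

With the scenario's 4 to 6 h window the two highest-risk systems are isolated unattended and the customer database is held for an analyst; with a slower-moving threat only the inventory system would clear the higher bar.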

5.6. Alignment with Industry Standards

While the ML-BI framework as a whole represents a new and innovative way of using machine learning and business intelligence together to enhance supply chain cybersecurity within a single framework, it is also important to provide some background on the industry standards that the proposed ML-BI framework will be built upon.
The next section shows how the ML-BI framework supports the same goals as the current industry standards and how it will build upon those standards, thereby providing an additional layer of protection and functionality for supply chain cyber security.

5.6.1. NIST Cybersecurity Framework (CSF)

The NIST Cybersecurity Framework identifies five (5) core functions: Identify, Protect, Detect, Respond, and Recover. The proposed ML-BI framework maps to these functions as described below.
  • Identify Function: The Data Collection Layer (Layer 1) collects and normalizes security data from the entire supply chain to enable the organization to identify assets, vulnerabilities, and threats.
  • Detect Function: The ML Predictive Layer (Layer 2) provides primary support for the Detect Function, using machine learning to determine if there are any anomalous patterns that could be indicative of cyber threats; real-time anomaly detection capabilities will enable early threat identification.
  • Respond Function: The BI Analytical Layer (Layer 3) and Response and Governance Layer (Layer 4) provide a decision-maker with contextual business information and automated response recommendations to support the Respond Function, enabling rapid decisions and coordinated response actions.
  • Recover Function: The recovery planning and execution capability included within the Response and Governance Layer (Layer 4) supports the Recover Function through documented procedures and compliance tracking.

5.6.2. ISO 27001 Information Security Management

The proposed ML-BI framework clearly aligns with each of the major controls required in the ISO 27001 Information Security Management System, therefore providing a high degree of confidence that it will meet an organization’s needs in a regulated environment.
Specifically, the logging requirements, as stated in control A.12.4.1, are met through the Data Collection Layer (Layer 1) of the proposed ML-BI framework. The Data Collection Layer provides systematic documentation of all security-related events throughout the supply chain infrastructure, thereby providing an effective means of maintaining a comprehensive audit trail and preparing for potential forensic activities.
The predictive aspects of identifying potential vulnerabilities or emerging threats prior to their exploitation by malicious actors are accomplished through the ML Predictive Layer (Layer 2). This layer utilizes advanced pattern recognition techniques to provide proactive identification of potential vulnerabilities and emerging threats.
The formalized incident response protocols, documented procedures, and structured process improvements for enhancing organizational incident management capability over time are provided through the Response and Governance Layer (Layer 4).
Finally, the BI Analytical Layer (Layer 3) of the proposed ML-BI framework fulfills the compliance evaluation requirements outlined in control A.18.1.1. The BI Analytical Layer provides detailed compliance reporting and comprehensive audit trail documentation to enable organizations to demonstrate compliance with applicable regulations and support the successful completion of both internal and external compliance audits.

5.6.3. Distinction and Unique Contribution

While NIST CSF and ISO 27001 offer broad frameworks for cybersecurity management, they are general frameworks and do not specifically relate to the integration of machine learning and business intelligence technologies. This proposed ML-BI framework offers the following unique contributions:
  • Explicit discussion of integrating machine learning and business intelligence technologies, which is not explicitly addressed in either NIST or ISO 27001.
  • A practical, technology-based approach to implementing supply chain cybersecurity.
  • Illustration of how predictive analytics (machine learning) and analytical decision support (business intelligence) can be formally combined to improve threat detection and response.
  • Coverage of the specific issues related to supply chain cybersecurity, such as multi-organizational coordination and third-party risk management.
Therefore, the ML-BI framework represents a supplemental framework to operationalize the broad principles of NIST and ISO 27001 with the specific application of machine learning and business intelligence technologies within supply chain environments.

6. Conclusions

This systematic literature review presents an overall view of the present situation at the intersection of machine learning (ML), business intelligence (BI) and supply chain cybersecurity. In addition to confirming that many organizations do utilize ML as an aid in threat detection, our findings indicate that there is currently little evidence to suggest that organizations are utilizing the full potential of BI as an analytical tool in conjunction with ML to support supply chain risk management decisions. As such, the current level of technological capability available for supply chain cybersecurity does not match the existing levels of practical applications.
To bridge this gap, the primary contribution of this review is the development of a conceptual four-layer ML-BI framework, intended to serve as a structured, integrated approach for managing risks in supply chains. By providing a layered structure that runs from data collection, through ML-based predictions and BI-driven analyses, to strategic governance, the framework represents a roadmap for organizations to transition from utilizing siloed tools for supply chain cybersecurity towards a unified posture.
The model outlined in this paper can serve as a foundation for future empirical research and practical applications, especially for SMEs and developing economies, where such an integrated system is critical.
In addition to the contributions of this review to the research community, there are also implications for the practitioner community. For researchers, the framework identified in this review represents a well-defined and structured research agenda to validate the proposed framework and to identify and explore how to apply the proposed framework to various industries. For practitioners, the framework outlined in this review can represent a useful model to enhance their cybersecurity capabilities, make better informed decisions, and develop more resilient supply chains in today’s increasingly digitally challenged environment.

7. Limitations and Future Research Directions

This systematic review has a number of limitations and future research directions, which should be kept in mind when interpreting the results.

7.1. Limitations

While the conclusions drawn from this review are supported by the data collected during the review process, they must be evaluated within the context of some limitations. The search was limited to the four largest academic databases (Scopus, IEEE Xplore, Web of Science, and ScienceDirect) and to English-language publications. This may have excluded studies published in other languages or indexed in other databases. Additionally, due to the diversity of methodologies employed in the articles included in the review, and the emerging nature of the research area, it was not possible to conduct a comprehensive meta-analysis of all the techniques presented. Lastly, it is possible that publication bias exists, in that studies indicating successful use of various techniques are more likely to be published than those failing to demonstrate success. This could influence the inclusion of techniques reviewed and potentially skew the evaluation of the effectiveness of each technique.

7.2. Future Research Directions

Future research should pursue three main objectives based upon the findings of this review and the proposed framework. The first objective would be the technical validation of the proposed framework, which would involve conducting empirical tests of its feasibility and performance in actual supply chain environments, or through the use of simulation models, including comparative testing of various ML algorithms and examination of the utilization of edge analytics for real-time threat detection. The second objective would focus on the organizational adoption of the proposed framework, specifically to determine the impediments and facilitators to adopting integrated ML-BI systems throughout organizations of varying sizes and geographic locations. The third objective would focus on the establishment of standards for inter-organizational governance to enable ethical and legal collaboration, data sharing, accountability, and regulatory compliance among supply chain partners, to advance both the theoretical and practical aspects of supply chain cybersecurity.

Supplementary Materials

The following Supplementary Materials are available online: https://www.mdpi.com/article/10.3390/technologies14040194/s1; Table S1. PRISMA 2020 Checklist.

Author Contributions

Conceptualization: R.A. and F.A.-D.; Methodology: R.A., F.A.-D. and F.K.; Software: R.A. and F.A.-D.; Validation: R.A., F.A.-D., F.H., F.K. and A.A.; Formal Analysis: R.A. and F.A.-D.; Investigation: R.A., F.A.-D. and F.H.; Resources: F.H. and F.K.; Data Curation: R.A. and F.A.-D.; Writing—Original Draft Preparation: R.A. and F.A.-D.; Writing—Review and Editing: R.A., F.A.-D., F.H., F.K. and A.A.; Visualization: R.A. and F.A.-D.; Supervision: F.H. and F.K.; Project Administration: R.A. and F.H.; Funding Acquisition: F.H. and F.K. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

The data presented in this systematic literature review are present in this article and Supplementary Materials. Complete datasets are available online.

Acknowledgments

We would like to express appreciation for the contributions of the academic community in areas of Machine Learning, Business Intelligence, Supply Chain Management, and Cybersecurity. We would like to extend our appreciation to the Researchers/Practitioners whose work formed the basis of this systematic literature review. We appreciate the University of Technology Sydney (UTS), and Mutah University for providing us with the opportunity to access academic databases and other resources required to conduct this thorough review. We also appreciate the open science initiative and Open Science Framework for allowing for the promotion of transparent and reproducible scientific practices. Finally, we would like to extend our appreciation to the Technologies Journal Editorial Team for their support and helpful comments during the manuscript revisions.

Conflicts of Interest

The authors declare that they do not have any conflicts of interest. There are no financial or personal relationships between the authors and any organization(s)/individuals that may impact this work inappropriately. The research was conducted independently by the authors with no financial/commercial interest in the results of the research.

Appendix A. Complete List of Reviewed Studies

This appendix provides the complete list of the 35 studies included in this systematic literature review. The studies are numbered 1–35 and these numbers correspond to the citation references used in Table 6 (Publication Patterns) throughout the manuscript.

| Line Number | Ref. No. | Author(s) | Year | Title | Venue/Journal |
|---|---|---|---|---|---|
| 1 | [35] | Wang, G., Gunasekaran, A., Ngai, E. W. T., & Papadopoulos, T. | 2016 | Big data analytics in logistics and supply chain management: Certain investigations for research and applications | International Journal of Production Economics |
| 2 | [16] | Larson, D., & Chang, V. | 2016 | A review and future direction of agile, business intelligence, analytics and data science | International Journal of Information Management |
| 3 | [36] | Lamba, K., & Singh, S. P. | 2016 | Big data analytics in supply chain management: Some conceptual frameworks | International Journal of Systems, Control and Communications |
| 4 | [38] | Dorri, A., Kanhere, S. S., Jurdak, R., & Gauravaram, P. | 2017 | Blockchain for IoT security and privacy: The case study of a smart home | IEEE PerCom Workshops |
| 5 | [39] | Kshetri, N. | 2017 | Blockchain’s roles in strengthening cybersecurity and protecting privacy | Telecommunications Policy |
| 6 | [33] | Ang, L.-M., Seng, K. P., Zungeru, A. M., & Ijemaru, G. K. | 2017 | Big sensor data systems for smart cities | IEEE Internet of Things Journal |
| 7 | [34] | Kourtit, K., Nijkamp, P., & Steenbruggen, J. | 2017 | The significance of digital data systems for smart city policy | Socio-Economic Planning Sciences |
| 8 | [22] | Barbosa-Póvoa, A. P., da Silva, C., & Carvalho, A. | 2018 | Opportunities and challenges in sustainable supply chain: An operations research perspective | European Journal of Operational Research |
| 9 | [40] | Sangeetha, M. | 2018 | Smart supply chain management using internet of things | International Journal of Systems, Control and Communications |
| 10 | [41] | Nguyen, T., Zhou, L., et al. | 2018 | Big data analytics in supply chain management: A state-of-the-art literature review | Computers & Operations Research |
| 11 | [42] | Kshetri, N. | 2018 | Blockchain’s roles in meeting key supply chain management objectives | International Journal of Information Management |
| 12 | [37] | Ivanov, D., Dolgui, A., Das, A., & Sokolov, B. | 2019 | Digital supply chain twins: Managing the ripple effect, resilience, and disruption risks by data-driven optimization, simulation, and visibility | Handbook of Ripple Effects in the Supply Chain |
| 13 | [43] | Radanliev, P., et al. | 2018 | Future developments in cyber risk assessment for the internet of things | Computers in Industry |
| 14 | [44] | Roopak, M., Tian, G. Y., & Chambers, J. | 2019 | Deep learning models for cyber security in IoT networks | IEEE Annual Computing and Communication Workshop and Conference |
| 15 | [17] | Carleo, G., et al. | 2019 | Machine learning and the physical sciences | Reviews of Modern Physics |
| 16 | [45] | Tissir, S., El Fezazi, S., & Cherrafi, A. | 2020 | Industry 4.0 impact on lean manufacturing | IEEE International Colloquium on Information Science and Technology |
| 17 | [11] | Ghadge, A., Er Kara, M., Moradlou, H., & Goswami, M. | 2020 | The impact of Industry 4.0 implementation on supply chains | Journal of Manufacturing Technology Management |
| 18 | [46] | Hassija, V., et al. | 2020 | A survey on supply chain security: Application areas, security threats, and solution architectures | Journal of Network and Computer Applications |
| 19 | [1] | Aljohani, A. | 2023 | Predictive analytics and machine learning for real-time supply chain risk mitigation and agility | Sustainability |
| 20 | [4] | Bharadiya, J. P. | 2023 | The role of machine learning in transforming business intelligence | International Journal of Computer Science and Technology |
| 21 | [6] | Cannas, V. G., et al. | 2023 | Artificial intelligence in supply chain and operations management: A systematic literature review | International Journal of Production Research |
| 22 | [8] | Cheung, K. F., Bell, M. G. H., & Bhattacharjya, J. | 2021 | Cybersecurity in logistics and supply chain management: An overview and future research directions | Transportation Research Part E: Logistics and Transportation Review |
| 23 | [12] | Chowdhury, R. H. | 2024 | Harnessing machine learning in business analytics for enhanced decision-making | World Journal of Advanced Research and Reviews |
| 24 | [15] | Creazza, A., et al. | 2022 | Who cares? Supply chain managers’ perceptions regarding cyber supply chain risk management in the digital transformation era | Supply Chain Management: An International Journal |
| 25 | [18] | Culot, G., Podrecca, M., & Nassimbeni, G. | 2024 | Artificial intelligence in supply chain management: A systematic literature review and future research agenda | International Journal of Production Economics |
| 26 | [2] | Ghadge, A., Weiß, M., Caldwell, N. D., & Wilding, R. | 2023 | Cybersecurity risk management in supply chains: A systematic literature review | Supply Chain Management: An International Journal |
| 27 | [19] | Guo, Y. | 2023 | A review of machine learning-based zero-day attack detection | Computer Communications |
| 28 | [29] | Hammi, B., Zeadally, S., & Nebhen, J. | 2023 | Security threats, countermeasures, and challenges of digital supply chains | ACM Computing Surveys |
| 29 | [9] | Kshetri, N. | 2022 | Economics of supply chain cyberattacks | IT Professional |
| 30 | [30] | Pandey, S., Singh, R. K., Gunasekaran, A., & Kaushik, A. | 2020 | Cyber security risks in globalized supply chains: Conceptual framework and empirical evidence | International Journal of Production Research |
| 31 | [31] | Quintero-Bonilla, S., & Martín del Rey, A. | 2020 | A new proposal on the advanced persistent threat: A survey | Applied Sciences |
| 32 | [14] | Gurtu, A., & Johny, J. | 2021 | Supply chain risk management: Literature review | Risks |
| 33 | [14] | Kashef, R., et al. | 2023 | Bridging the bubbles: Connecting academia and industry in cybersecurity research | IEEE Security & Privacy |
| 34 | [32] | Sobb, T., Turnbull, B., & Moustafa, N. | 2020 | Supply chain 4.0: A systematic literature review of cyber attacks, computer security, and risk management | Computers & Industrial Engineering |
| 35 | [10] | Rani, S., Kataria, A., & Chauhan, M. | 2022 | Cyber security techniques, architectures, and design | Holistic Approach to Quantum Cryptography in Cyber Security |

References

  1. Aljohani, A. Predictive analytics and machine learning for real-time supply chain risk mitigation and agility. Sustainability 2023, 15, 15088.
  2. Ghadge, A.; Weiß, M.; Caldwell, N.D.; Wilding, R. Cybersecurity risk management in supply chains: A systematic review. Int. J. Prod. Econ. 2023, 265, 109015.
  3. Bazeley, P.; Jackson, K. (Eds.) Qualitative Data Analysis with NVivo, 2nd ed.; SAGE Publications: Thousand Oaks, CA, USA, 2013.
  4. Bharadiya, J.P. The role of machine learning in transforming business intelligence. Int. J. Comput. Artif. Intell. 2023, 4, 16–24.
  5. Schoenherr, T.; Swink, M. Revisiting the arcs of integration: Cross-validations and extensions. J. Oper. Manag. 2012, 30, 99–115.
  6. Cannas, V.G.; Ciano, M.P.; Saltalamacchia, M.; Secchi, R. Artificial intelligence in supply chain and operations management: Multiple case study research. Int. J. Prod. Res. 2023, 62, 3333–3360.
  7. Cappelli, D.M.; Moore, A.P.; Trzeciak, R.F. The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud); Addison-Wesley Professional: Boston, MA, USA, 2012.
  8. Cheung, K.F.; Bell, M.G.H.; Bhattacharjya, J. Cybersecurity in logistics and supply chain management: An overview and future research directions. Transp. Res. Part E Logist. Transp. Rev. 2021, 146, 102217.
  9. Kshetri, N. Economics of supply chain cyberattacks. IT Prof. 2022, 24, 96–100.
  10. Rani, S.; Kataria, A.; Chauhan, M. Cyber security techniques, architectures, and design. In Holistic Approach to Quantum Cryptography in Cyber Security, 1st ed.; CRC Press: Boca Raton, FL, USA, 2022; pp. 41–66.
  11. Ghadge, A.; Er, M.; Moradlou, H.; Goswami, M. The impact of Industry 4.0 implementation on supply chains. J. Manuf. Technol. Manag. 2020, 31, 669–686.
  12. Chowdhury, R.H. Harnessing machine learning in business analytics for enhanced decision-making. World J. Adv. Eng. Technol. Sci. 2024, 12, 674–683.
  13. Kashef, R.; Freunek, M.; Schwartzentruber, J.; Samavi, R.; Bulgurcu, B.; Khan, A.; Santos, M. Bridging the bubbles: Connecting academia and industry in cybersecurity research. In 2023 IEEE Secure Development Conference (SecDev); IEEE: Piscataway, NJ, USA, 2023; pp. 207–213.
  14. Gurtu, A.; Johny, J. Supply chain risk management: Literature review. Risks 2021, 9, 16.
  15. Creazza, A.; Colicchia, C.; Spiezia, S.; Dallari, F. Who cares? Supply chain managers’ perceptions regarding cyber supply chain risk management in the digital transformation era. Supply Chain. Manag. Int. J. 2022, 27, 30–53.
  16. Larson, D.; Chang, V. A review and future direction of agile, business intelligence, analytics and data science. Int. J. Inf. Manag. 2016, 36, 700–710.
  17. Carleo, G.; Cirac, I.; Cranmer, K.; Daudet, L.; Schuld, M.; Tishby, N.; Vogt-Maranto, L.; Zdeborová, L. Machine learning and the physical sciences. Rev. Mod. Phys. 2019, 91, 045002.
  18. Culot, G.; Podrecca, M.; Nassimbeni, G. Artificial intelligence in supply chain management: A systematic literature review of empirical studies and research directions. Comput. Ind. 2024, 162, 104132.
  19. Guo, Y. A review of machine learning-based zero-day attack detection: Challenges and future directions. Comput. Commun. 2023, 198, 175–185.
  20. Yeoh, W.; Popovič, A. Extending the understanding of critical success factors for implementing business intelligence systems. J. Assoc. Inf. Sci. Technol. 2016, 67, 134–147.
  21. Page, M.J.; McKenzie, J.E.; Bossuyt, P.M.; Boutron, I.; Hoffmann, T.C.; Mulrow, C.D.; Shamseer, L.; Tetzlaff, J.M.; Akl, E.A.; Brennan, S.E.; et al. The PRISMA 2020 statement: An updated guideline for reporting systematic reviews. Syst. Rev. 2021, 10, 89.
  22. Barbosa-Póvoa, A.P.; da Silva, C.; Carvalho, A. Opportunities and challenges in sustainable supply chain: An operations research perspective. Eur. J. Oper. Res. 2018, 268, 399–431.
  23. Gusenbauer, M.; Haddaway, N.R. Which academic search systems are suitable for systematic reviews or meta-analyses? Evaluating retrieval quality of Google Scholar, PubMed, and 26 other resources. Res. Synth. Methods 2020, 11, 181–217.
  24. Higgins, J.P.T.; Green, S. (Eds.) Cochrane Handbook for Systematic Reviews of Interventions (Version 5.1.0); The Cochrane Collaboration: London, UK, 2011.
  25. Toorajipour, R.; Sohrabpour, V.; Nazarpour, A.; Oghazi, P.; Fischl, M. Applications of artificial intelligence in supply chain management: A systematic literature review. J. Bus. Res. 2021, 122, 502–517.
  26. National Institute of Standards and Technology. Framework for Improving Critical Infrastructure Cybersecurity, Ver. 1.0; NIST: Gaithersburg, MD, USA, 2014.
  27. ISO 27001; Information Technology, Security Techniques, Information Security Management Systems, Requirements. International Organization for Standardization ISO: Geneva, Switzerland, 2005.
  28. Vinayakumar, R.; Soman, K.P.; Velan, K.S.; Ganorkar, S. Evaluating shallow and deep networks for ransomware detection and classification. In 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI); IEEE: Piscataway, NJ, USA, 2017; pp. 1609–1618.
  29. Hammi, B.; Zeadally, S.; Nebhen, J. Security threats, countermeasures, and challenges of digital supply chains. ACM Comput. Surv. 2023, 55, 1–40.
  30. Pandey, S.; Singh, R.K.; Gunasekaran, A.; Kaushik, A. Cyber security risks in globalized supply chains: A conceptual framework. J. Glob. Oper. Strateg. Sourc. 2020, 13, 103–128.
  31. Quintero-Bonilla, S.; Martín del Rey, A. A new proposal on the advanced persistent threat: A survey. Appl. Sci. 2020, 10, 3874.
  32. Sobb, T.; Turnbull, B.; Moustafa, N. Supply Chain 4.0: A survey of cyber security challenges, solutions and future directions. Electronics 2020, 9, 1864.
  33. Ang, L.-M.; Seng, K.P.; Zungeru, A.M.; Ijemaru, G.K. Big sensor data systems for smart cities. IEEE Internet Things J. 2017, 4, 2246–2257.
  34. Kourtit, K.; Nijkamp, P.; Steenbruggen, J. The significance of digital data systems for smart city policy. Socio-Econ. Plan. Sci. 2017, 58, 30–40.
  35. Wang, G.; Gunasekaran, A.; Ngai, E.W.T.; Papadopoulos, T. Big data analytics in logistics and supply chain management: Certain investigations for research and applications. Int. J. Prod. Econ. 2016, 176, 98–110.
  36. Lamba, K.; Singh, S.P. Big data analytics in supply chain management: Some conceptual frameworks. Int. J. Syst. Control. Commun. 2017, 28, 877–890.
  37. Ivanov, D.; Dolgui, A.; Das, A.; Sokolov, B. Digital supply chain twins: Managing the ripple effect, resilience, and disruption risks by data-driven optimization, simulation, and visibility. In Handbook of Ripple Effects in the Supply Chain; Ivanov, D., Dolgui, A., Sokolov, B., Eds.; Springer: Cham, Switzerland, 2019; pp. 309–332.
  38. Dorri, A.; Kanhere, S.S.; Jurdak, R.; Gauravaram, P. Blockchain for IoT security and privacy: The case study of a smart home. In Proceedings of the 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), Kona, HI, USA, 13 March 2017; pp. 618–623.
  39. Kshetri, N. Blockchain’s roles in strengthening cybersecurity and protecting privacy. Telecommun. Policy 2017, 41, 1027–1038.
  40. Sangeetha, M. Smart supply chain management using internet of things. Int. J. Syst. Control. Commun. 2018, 9, 172–184.
  41. Nguyen, T.; Li, Z.H.; Spiegler, V.; Ieromonachou, P.; Lin, Y. Big data analytics in supply chain management: A state-of-the-art literature review. Comput. Oper. Res. 2018, 98, 254–264.
  42. Kshetri, N. Blockchain’s roles in meeting key supply chain management objectives. Int. J. Inf. Manag. 2018, 39, 80–89.
  43. Radanliev, P.; De Roure, D.C.; Nicolescu, R.; Huth, M.; Montalvo, R.M.; Cannady, S.; Burnap, P. Future developments in cyber risk assessment for the internet of things. Comput. Ind. 2018, 102, 14–22.
  44. Roopak, M.; Tian, G.Y.; Chambers, J. Deep learning models for cyber security in IoT networks. In Proceedings of the 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, 7 January 2019; pp. 0452–0457.
  45. Tissir, S.; El Fezazi, S.; Cherrafi, A. Industry 4.0 impact on lean manufacturing: Literature review. In Proceedings of the 2020 IEEE 13th International Colloquium of Logistics and Supply Chain Management (LOGISTIQUA), Fez, Morocco, 2 December 2020; pp. 1–5.
  46. Hassija, V.; Chamola, V.; Gupta, V.; Jain, S.; Guizani, N. A Survey on Supply Chain Security: Application Areas, Security Threats, and Solution Architectures. IEEE Internet Things J. 2020, 8, 6222–6246.

Figure 1. PRISMA Flow Diagram for Study Selection Process.
Figure 2. Distribution of studies by publication year (2016–2025).
Figure 3. Distribution of studies by research methodology.
Figure 4. Classification of Machine Learning and Business Intelligence Techniques.
Figure 5. Typology and Distribution of Supply Chain Cybersecurity Threats.
Figure 6. Conceptual Framework for Integrating Machine Learning and Business Intelligence in Supply Chain Cybersecurity Risk Management.

Table 1. Distribution of Studies by Publication Year.

| Publication Year | Number of Studies | Percentage |
|---|---|---|
| 2016–2017 | 7 | 20% |
| 2018–2019 | 8 | 22.9% |
| 2020–2021 | 9 | 25.7% |
| 2022–2023 | 7 | 20% |
| 2024–2025 | 4 | 11.4% |
| Total | 35 | 100% |

Table 2. Distribution of Studies by Methodology.

| Methodology | Number of Studies | Percentage |
|---|---|---|
| Theoretical Reviews | 12 | 34.3% |
| Empirical Studies | 10 | 28.6% |
| Case Studies | 8 | 22.9% |
| Mixed method | 5 | 14.3% |
| Total | 35 | 100% |

Table 3. Classification of Machine Learning and Business Intelligence Techniques.

| ML/BI Technique | Number of Studies | Percentage | Key Applications |
|---|---|---|---|
| ML Technique | | | |
| Neural Networks | 10 | 28.70% | Anomaly detection, threat prediction |
| Supervised Learning Algorithms | 6 | 17.10% | Threat classification, attack detection |
| Unsupervised Learning Algorithms | 4 | 11.40% | Pattern recognition, clustering threats |
| BI Technique | | | |
| Predictive Analytics | 9 | 25.70% | Risk forecasting, vulnerability assessment |
| Big Data Analytics | 4 | 11.40% | Real-time monitoring, trend analysis |
| Business Intelligence Dashboards | 2 | 5.70% | Visualization, decision support |
| Total | 35 | 100% | |

Table 4. Typology of Supply Chain Cybersecurity Threats.

| Cybersecurity Risk Type | Number of Studies | Percentage | Key Characteristics |
|---|---|---|---|
| Data Breaches | 9 | 25.7% | Unauthorized access, data theft |
| Ransomware | 8 | 22.9% | System lockdown, extortion |
| Third-party vulnerabilities | 7 | 20% | Vendor security gaps, trust exploitation |
| IoT device compromises | 6 | 17.1% | Connected device weaknesses, botnet recruitment |
| Supply chain infiltration | 5 | 14.3% | Long-term persistence, stealthy operations |
| Total | 35 | 100% | |

Table 5. Methodological Quality Assessment of Included Studies.

| Quality Dimension | Average Score (1–5) | Standard Deviation | Interpretation |
|---|---|---|---|
| Methodological rigor | 3.8 | 0.7 | Strong |
| Theoretical foundation | 3.5 | 0.9 | Moderate to strong |
| Data quality | 3.2 | 1.1 | Moderate |
| Analytical approach | 3.7 | 0.8 | Strong |
| Practical implications | 3.4 | 1.0 | Moderate to strong |
| Overall Quality | 3.5 | 0.9 | Moderate to strong |

Table 6. Publication Patterns from 2016 to 2025.

| Period | No. Studies | Percentage | Primary Focus | ML-BI Integration | Line Number (Appendix A) |
|---|---|---|---|---|---|
| 2016–2017 | 7 | 20.0% | Foundational ML/BI applications in SCM | Low | 1–7 |
| 2018–2019 | 8 | 22.9% | Big Data Analytics emergence, IoT security | Moderate | 8–15 |
| 2020–2021 | 9 | 25.7% | COVID-19 cybersecurity challenges, threat detection | High | 16–24 |
| 2022–2023 | 7 | 20.0% | ML-BI integration frameworks, risk assessment | High | 25–31 |
| 2024–2025 | 4 | 11.4% | Applied frameworks, real-time analytics | Very High | 32–35 |

Table 7. The proposed Machine Learning–Business Intelligence layers.

| Framework Layers | Primary Functions | Key Output |
|---|---|---|
| Data Collection & Management (Layer 1) | Capture security events across supply chain systems | Structured security data and event logs |
| Machine Learning Predictive (Layer 2) | Detect anomalies and identify threats | Threat alerts and risk scores |
| Business Intelligence Analytical (Layer 3) | Assess threat severity and organizational impact | Risk assessments and impact analyses |
| Response & Governance (Layer 4) | Support strategic cybersecurity decision | Cybersecurity decisions and action plans |

MDPI and ACS Style

Aljaafreh, R.; Al-Doghman, F.; Hussain, F.; Khan, F.; Aljaafreh, A. Integrating Machine Learning and Business Intelligence into Supply Chain Risk Management for a Comprehensive Cybersecurity Framework: A Systematic Literature Review. Technologies 2026, 14, 194. https://doi.org/10.3390/technologies14040194
