What problem does this paper attempt to address?

The paper aims to address the issue of cybersecurity risk assessment in digital supply chains. Specifically, the research objective is to evaluate the effectiveness of digital supply chain attributes in predicting the risk of data breaches due to cyberattacks on enterprises. The main contributions of the paper include: 1. **Research Background**: With the acceleration of digitalization, the digital supply chains of enterprises have become increasingly complex, leading to a surge in cyberattacks through third-party vendors. Existing cybersecurity risk assessment methods mainly focus on the internal infrastructure and processes of enterprises, neglecting the additional risks brought by digital supply chains. 2. **Dataset Construction**: The researchers constructed a comprehensive dataset containing over 30,000 companies from industries such as healthcare, oil and gas, and retail. The dataset includes organizational characteristics and cybersecurity ratings of these entities, as well as detailed records of their digital vendors (third and fourth-party vendors) and data breach histories. 3. **Analytical Methods**: Through a descriptive analysis of the global digital supply chain network structure, the research team defined a series of characteristics related to digital supply chains and developed predictive models using machine learning methods to assess the value of these characteristics in predicting future cybersecurity risks. 4. **Machine Learning Model Evaluation**: The paper trained three different machine learning models, with Model 3 incorporating local supply chain network characteristics on top of the baseline model. The results showed that these characteristics significantly improved prediction accuracy. 5. **Key Findings**: The research results indicate that considering the network structure and attributes of an enterprise's digital supply chain can significantly enhance the ability to predict future cybersecurity risks. Specifically, Model 3 showed a 2.3% improvement in predictive capability compared to the baseline model that only used internal enterprise characteristics, which is valuable for low-probability, high-impact risk events. 6. **Feature Evaluation**: The paper further analyzed the most important features in the model, identifying key drivers of cybersecurity risk, such as connections with healthcare industry vendors and the average cybersecurity rating of specific types of third-party vendors. In summary, this paper is the first to demonstrate through large-scale data-driven analysis that digital supply chain attributes can effectively predict the cybersecurity risks faced by enterprises, providing important insights for improving cybersecurity risk management.