QR2MSE2022-0001-1337

Digital Transformation Risks and Countermeasures of

Small and Medium-Sized Cross-Border E-Commerce
Enterprises

Hong-Jun Chen An-Ying Liu

School of Management School of Management
Beijing Institute of Economics and Management Beijing Institute of Economics and Management
Beijing, China Beijing, China
hongjunchen@biem.edu.cn

Abstract—The existing trade platforms for small and medium- faced in the process of digital transformation, and it is important
sized cross-border e-commerce enterprises can no longer meet the to identify and analyze the risks in the implementation process
growing demand of business volume, which need to implement and put forward targeted response methods to promote the
digital transformation urgently. By investigating the current smooth implementation of digital transformation of cross-border
situation of digital transformation of small and medium-sized e-commerce.
cross-border e-commerce enterprises, this paper identifies and
analyzes the potential risks at different stages of the whole life
cycle of digital transformation data from the perspective of digital II. RISK SURVEY OF DIGITAL TRANSFORMATION
economy, and puts forward risk response suggestions for digital According to the data of the report "Analysis Report on
transformation of small and medium-sized cross-border e- Digital Transformation of SMEs (2020)", 89% of SMEs are in
commerce enterprises in order to guide the smooth the exploration stage of digital transformation, 8% of SMEs are
implementation of digital transformation of small and medium- in the practice stage of digital transformation, and only 3% of
sized cross-border e-commerce enterprises. SMEs are in the deep applied stage of digital transformation.
And due to the characteristics of small scale, poor risk resistance,
Keywords-digital economy; cross border e-commerce; Digital insufficient financing and innovation ability, SMEs have no
transformation; small and medium-sized enterprises(SMES)
capital, no talent, no technology, no platform, no resources, etc.,
which restrict the digital transformation of SMEs.
I. INTRODUCTION
Due to the continuing impact of COVID-19, offline
consumption is generally hampered, and the "home economy" is
increasingly prevalent inboard and abroad, which stimulates the
rapid development of cross-border e-commerce. According to
the General Administration of Customs, the total volume of
cross-border e-commerce imports and exports reached 1.69
trillion yuan in 2020, an increase of 31.1% compared with the
previous year. Small and medium-sized cross-border e-
commerce enterprises have the most active transactions and the
highest business volume share in cross-border e-commerce
activities, playing a crucial role in improving the vitality of
China's overall economy.
However, most domestic small and medium-sized cross-
border e-commerce enterprises' digital trade platforms are facing
a. Source: Analysis Report on Digital Transformation of SMEs (2020)
problems such as data fragmentation, difficult management of
multi-channel orders, complex and inefficient warehouse Fig. 1. Statistics of digital transformation of SMEs nationwide
operations, scattered customer data, lagging procurement plans,
and difficulties in logistics tracking, etc. Facing the continuous A. "Will not Transform": Weak Foundation, Difficult
growth of business volume, the digital transformation of cross- Transformation
border e-commerce is imminent or already on the way. While
making full use of the new development engine of digital First, there are few digital and composite talents. According
economy and promoting the vigorous development of cross- to relevant statistics, the average percentage of digital-related
border e-commerce, we should also see the many uncertainties talents in SMEs is 20%, and the percentage of enterprises that

The 12th International Conference on Quality, Reliability, Risk, Maintenance, and Safety Engineering
QR2MSE 2022, Emeishan, Sichuan, China
978-1-6654-7193-0/22/$31.00 ©2022 IEEE 538
Authorized licensed use limited to: Universidad Industrial de Santander. Downloaded on July 12,2023 at 22:14:27 UTC from IEEE Xplore. Restrictions apply.
have established digital training system is 15%. The lack of
digital talents and imperfect training mechanism is an important
factor that hinders the digitalization of SMEs.
Second, the foundation of data collection is weak, and
informatization and digitalization have not been fully
established. Digital transformation can be divided into three
steps, informationization—digitalization—intelligence. Data
collection, the establishment of production database is an
important step in the digitalization of enterprises. According to
relevant statistics, only 34% of SMEs to achieve design,
production, logistics, sales, service and other key business data
collection, the overall degree of information management of
enterprises is low.
Third, the level of technology application is low. The digital
foundation level of China's SMEs is weak. 40% realized the data
collection of technical QR code and barcode; only 5% of the
enterprises adopt big data analysis technology to provide
optimization suggestions and technical support to the production
and manufacturing process [1].
B. "Can not Transform": Less Supply, High Transformation
Cost
First, the transformation costs are high. SMEs are small in
scale, with little self-owned funds and poor financing ability,
only about 12% of SMEs get bank loans. And the SMEs’ capital
chain is weak, poor risk resistance, so it is difficult for
enterprises to continue digitization only by their own investment.
Second, insufficient investment in basic information. SMEs
invest less in network equipment, information systems and other
resources than large enterprises.
C. "Dare not to Transform": Poor Collaboration, Slow
Transformation Effect
The digital transformation of enterprises is a systematic and
all-round disruptive project, which involves the reform of
enterprise's organizational structure, business process, customer
terminal, internal control, etc. It needs to establish and improve
the whole information construction of enterprises, to realize the
collection data between departments of finance, through data
information barriers, to achieve data and interactive. Continuous
capital investment is needed to realize the synergistic
transformation of enterprises from top to bottom or even the
whole ecological chain. So, the digital transformation is costly,
long-period and slow.
III. DIGITAL TRANSFORMATION RISK IDENTIFICATION AND
ANALYSIS
Aˊ Digital Transformation Risk Identification
According to the recently released RSA Digital Risk Report
in the United States, the top eight key risks associated with
digital transformation are: cyber attacked risk, dynamic
employee risk, third party risk, cloud transformation risk, data
and privacy risk, process automation risk, compliance risk, and
business resilience risk.
For small and medium-sized cross-border e-commerce
enterprises in digital transformation, they face more risks arising
The 12th International Conference on Quality, Reliability, Risk, Maintenance, and Safety Engineering
539
Authorized licensed use limited to: Universidad Industrial de Santander. Downloaded on July 12,2023 at 22:14:27 UTC from IEEE Xplore. Restrictions apply.
from the data level and innovative applications, in addition to
business risks arising from transformation failure, data
governance privacy risks, and information security risks
originating from the infrastructure level, network environment
level, and system application level in the traditional sense. More
risks arise at the data level and innovative applications. As most
of the important and sensitive data of small and medium-sized
cross-border e-commerce enterprises are concentrated in the
application system, data security is quite important in the process
of data management and governance. Data security basically
covers the areas of data transmission, data storage and data
application, and is a key area for data security management and
security policy development (as shown in Figure 1). For each
stage of potential risks and data-related activities to establish
relevant data protection mechanisms, and ultimately achieve
complete protection and monitoring for the inflow of enterprise
data lifecycle.
x Risk in data transmission link: the data transmission
process may be interrupted, data may be intercepted
and tampered, and it is very difficult to trace the source
due to the numerous operation links and extensive paths
involved.
x Risk in data storage link: risk in storage link, Limited
by factors such as the level of network security
technology in the storage place after the data crossed
the border, data leakage may easily occur.
x Risk in data application link: the cross-border data has
various bearing mediums, different presentation forms
and wide range of application scenarios, and there are
differences or even conflicts in policies and laws in
countries/regions before and after the data cross border,
resulting in unclear permissions of data owners and
users, data may be misused; and enterprises may also
face the challenge of data compliance. For example,
criminals use loopholes in websites or software to steal
user information and tamper with data leading to wrong
corporate decisions, and multinational enterprises take
advantage of the differences in policies outside the
country to develop gray industries and evade legal
sanctions. The risks in the process of cross-border data
transfer involve many complex legal issues, including
the above-mentioned data compliance, privacy
protection, application and jurisdiction of international
laws, etc., which pose significant challenges to the
healthy and orderly development of global digital trade,
and different countries hold different attitudes towards
cross-border data transfer based on different goals [2].
QR2MSE 2022, Emeishan, Sichuan, China
 pY
User S ( p)
rights access
response
amendment rejection Continuous control Restriction of processing Erasure

( p Y  (1  p ) Y )1 / Y  
Risk
The function is called a probability weighting function and
Data Transmission Data Storage Data Application expresses that people tend to overreact to small probability
User notification Risk Operation
database
Data user profile Risk events, but underreact to medium and large probabilities [6].
warehouse Information push
Online storage Offline storage
Data x Data Customer service
collection Risk Advertising and
The probability weighting function is used to improve the
lifecycle Risk
Message
x
x
APP
WEB
marketing
Payment platform
Risk probability of risk occurrence and give higher weight to risk
Queue
x IOT devices Third-party events with high probability of occurrence.
x Third party interface Risk
Privacy
acquisition Log File cluster x Step 4 Calculation of the Value of the Risk
Justification and
minimization of Records and monitoring for Identity identification
convergence at the operation of each business mechanism and Risk value is determined by the value function and
system and platform authority management
data generation
at the data call probability weighting function [7].

b. Source: PwC's Digital Trust Insights for China Report 2019

 ri S ( pi )v(ci )  
Fig. 2. Potential risks at different stages of the data lifecycle

S ( pi ) , probability weighting function, is a monotone

Bˊ Digital Transformation Risk Analysis increasing function by probability evaluation. v(ci ) , value
The risk matrix is a common risk analysis method, which function, is the value of subjective judgment of the consequence
determines the degree of risk by measuring the risk probability [8].
and consequence. In many situations, the probability and
consequence are difficult to judge objectively, and can only be Cˊ Application of Risk Analysis Results
obtained through the subjective judgment of experts. This paper
refers to the method of improving language scale and considers Taking a digital transformation enterprise as an example, risk
the influence of experts' psychological factors to improve the identification is carried out from the aspects of data transmission
probability value and consequence value obtained. The revised link, data storage link, data application link and other links.
probability value and consequence value are used to calculate Risks in data transmission link include mismatch between
degree of risk. The risk analysis process is as follows. data protection measures and sensitivity level, shortcomings in
x Step1 Identification of Consequence and Probability unified access control mechanism and operation/maintenance
personnel dragging and crashing the database.
For an item, set R = ^r1 , r2 ," , rn ` , as risk set, ri can be defined Risks in data storage link include permissions out of control,
as its probability ‫ ݌‬, p  ˄0,1) and its consequence c , shortcomings of unified access control mechanism and
operation/maintenance personnel dragging and crashing the
c ˄0,10] . [3] database.
The greater the value of ‫݌‬, the greater the probability of risk Risks in data application link include malicious operation
occurrence; The greater the value of c, the more serious the during processing, lack of automatic command approval
consequences once the risk occurs. mechanism, governance process out of control and privacy
x Step2 Value Function [4] breach. There are some other risks, including data leakage,
illegal application server access and illegal use of data.
The following table shows the results of risk identification
 v (c ) cE   and analysis of digital transformation of an enterprise, defining
ȕ=1.05 and Y=0.6, and the risk value of each risk event can be
E is the degree of punch of power function in threat obtained by calculation.
regional, E  1 means sensitivity decrement, E  (0,1] , is
Improvement coefficient, if E 1 , V (c) c . TABLE I. RISK IDENTIFICATION TABLE OF AN ENTERPRISE'S DIGITAL
TRANSFORMATION
Through the value function, the risk attitude of risk judges
can be introduced into the measurement of risk degree, which Risk link Risk event Consequence Probability
is an effective supplement to experts' judgment on loss. Mismatch between data
protection measures and 6 0.3
x Step3 Probability Weighting Function [5] Risk in data sensitivity level
transmission
link Shortcomings in unified
access control 8 0.2
mechanism

The 12th International Conference on Quality, Reliability, Risk, Maintenance, and Safety Engineering
QR2MSE 2022, Emeishan, Sichuan, China
540
Authorized licensed use limited to: Universidad Industrial de Santander. Downloaded on July 12,2023 at 22:14:27 UTC from IEEE Xplore. Restrictions apply.
 Risk link Risk event Consequence Probability and the risk of dragging and crashing by operation and
Operation/maintenance maintenance personnel in the process of digital transformation.
personnel dragging and 9 0.2
crashing the database
IV. SUGGESTIONS FOR DIGITAL TRANSFORMATION RISKS
Permissions out of
10 0.1
control A. Strengthen Top-Level Design and Promote Comprehensive
Shortcomings of unified Transformation of Enterprise Strategy and Culture.
Risk in data access control 8 0.2
storage link mechanism SMEs managers should fully realize that digital
Operation/maintenance transformation is a top-down, leadership-led change.
personnel dragging and 2 0.2 Digitalization is not only an innovation of technology, but also a
crashing the database change of cognition, value, strategy and leadership [9]. For this
Malicious operation
during processing
2 0.1 reason, leaders should strengthen the strategic planning of digital
Lack of automatic
transformation, systematically think about what aspects of
Risk in data command approval 1 0.1 digital transformation strategy are related to the enterprise, what
application mechanism opportunities digital transformation will bring to the enterprise,
link
Governance process out
5 0.3
what difficulties may be encountered, what are the successful
of control experiences of digital transformation of other enterprises in the
Privacy breach 6 0.2 same industry, where is the entry point of digital transformation
Data leakage 6 0.2 of this enterprise, and what support and guarantee are needed to
Illegal application promote digital transformation from organizational structure,
Other 8 0.3
server access
capital allocation, talent introduction, etc. What kind of support
Illegal use of data 5 0.2
and guarantee are needed to promote digital transformation from
organizational structure, capital allocation and talent
TABLE II. RISK ANALYSIS TABLE OF AN ENTERPRISE'S DIGITAL
TRANSFORMATION introduction.
SMEs still need to practice their internal skills, change their
Probability Value
Risk
Risk event
Value
weighting of the concepts, standardize management, broaden financing channels,
link function maximize the deployment of existing resources, enhance
function Risk
profitability, actively adapt to the new situation, play their own
Mismatch between
data protection advantages, promote self-change and digital empowerment,
6.56 0.33 2.15 enhance their own strength, provide the necessary conditions for
measures and
sensitivity level digital transformation, and enhance the ability to cope with risks
Risk in data Shortcomings in and sustainable development. At the same time, we should
transmission unified access control 8.88 0.26 2.27 promote the change and reshaping of corporate culture, so that
link mechanism
corporate culture, management philosophy and organizational
Operation/maintenance
personnel dragging
behavior can adapt to the needs of digital development and
10.05 0.26 2.57 ensure the "unity of spirit and form" of digital transformation.
and crashing the
database
Permissions out of B. Build a Talent Team and Provide High-Level Talent
11.22 0.17 1.88
control Guarantee for Digital Transformation.
Shortcomings of
unified access control 8.88 0.26 2.27 Based on the introduction of talents, we focus our existing
Risk in data
storage link
mechanism staff, improve the capacity to speed up cultivating staff's digital
Operation/maintenance thinking, under perfect digital ecology of staff incentive
personnel dragging mechanism and management system, let employees take the
2.07 0.26 0.53
and crashing the
database
initiative to embrace digital, become familiar with technology,
Malicious operation
and understand the business and management talent, fully
2.07 0.17 0.35 activate digital talent, digital transformation to provide strong
during processing
Lack of automatic driving force for the enterprise. At the same time, strengthen
Risk in data
command approval 1 0.17 0.17 communication and cooperation with universities and scientific
application
mechanism research institutions, universities and scientific research
link
Governance process institutions to provide digital technology, enterprises to provide
5.42 0.33 1.78
out of control
digital cultivation base, jointly build a long-term and efficient
Privacy breach 6.56 0.26 1.68
talent incubation mechanism.
Data leakage 6.56 0.26 1.68
Illegal application
Other 8.88 0.33 2.91 C. Improve Digital Infrastructure and Digital Platform
server access
Illegal use of data 5.42 0.26 1.39 Construction With the Help of External Forces.
As can be seen from the above table, this enterprise needs to Digital transformation is a technical field in which traditional
focus on the risk of illegal application server access, the risk of industrial technology, data technology, information technology
mismatch between data protection measures and sensitivity level, and intelligent technology are combined together. SMEs have a
the risk of shortcomings in the unified access control mechanism,

The 12th International Conference on Quality, Reliability, Risk, Maintenance, and Safety Engineering
QR2MSE 2022, Emeishan, Sichuan, China
541
Authorized licensed use limited to: Universidad Industrial de Santander. Downloaded on July 12,2023 at 22:14:27 UTC from IEEE Xplore. Restrictions apply.
weak digital foundation and insufficient financial strength, so
they must improve digital infrastructure and digital platform
construction with the power of external partners. SMEs should
rely on the achievements of existing information system
construction, accelerate the cultivation and application of 5G,
cloud computing, blockchain, artificial intelligence, digital twin
and other new generation information technology, and explore
the construction of a "data center" and "business center" to adapt
to the business characteristics and development needs of
enterprises. We should explore new IT architecture models such
as "DataHub" to meet the business characteristics and
development needs of enterprises, build a new generation of
agile, efficient and reusable digital technology infrastructure,
accelerate the formation of digital technology-enabled platforms.
At the same time, SMEs should take the initiative, make use
of the preferential policies of the state to support the
development of digital transformation of SMEs, optimize
organizational management, improve institutional mechanisms,
and deploy internal and external resources to ensure that digital
infrastructure and digital platform construction projects take
effect on the ground and enhance efficiency and effectiveness.
D. Build Digital Governance Capability and Solve the
Problems of Data Security and Integration Application.
The digital transformation of SMEs is accelerating from
"technology-driven" to "data-driven", with data flow driving
technology flow, material flow, capital flow and talent flow, thus
promoting business innovation and model change [10].
Enterprises should effectively strengthen the governance of big
data, solve the problem of sharing and integration of big data
applications, and open up the channels of data sharing and
integration between various departments in the enterprise,
among enterprises, and between enterprises and the government,
so that all parties are willing to share their data. It is necessary to
clarify the ownership and use of data, define the boundaries of
rights and responsibilities, and effectively protect the privacy
and security of users. Enterprises can identify risks at the initial
stage of new technology application, so as to better cope with
them and carry out security control by using relevant
technologies. Enterprises can carry out overall combing from
different dimensions of management system, technology system,
operation system and evaluation system, and then meet the
security needs of new technologies applied in various scenarios
(such as procurement planning, logistics tracking, inventory
management, etc.), not only to seize the focus of security
construction, but also to drive the security pain points that are
difficult to overcome in the original technology environment.
When the enterprise's use and operation of the new technology
is relatively stable, it can gradually establish real digital trust
from different dimensions such as compliance construction,
management system, technical response and data control.
V. CONCLUSION
By investigating the current situation of digital
transformation of small and medium-sized cross-border e-
commerce enterprises, this paper identifies and analyzes the
potential risks at different stages of the whole life cycle of
digital transformation data from the perspective of digital
The 12th International Conference on Quality, Reliability, Risk, Maintenance, and Safety Engineering
542
Authorized licensed use limited to: Universidad Industrial de Santander. Downloaded on July 12,2023 at 22:14:27 UTC from IEEE Xplore. Restrictions apply.
economy, and puts forward risk response suggestions for
digital transformation of small and medium-sized cross-
border e-commerce enterprises.
In the process of digital transformation of small and
medium-sized cross-border e-commerce enterprises, the
construction of the enterprise's security risk management
system is a dynamic and long-term process, which is difficult
to be achieved immediately濁 How to accurately assess and
dynamically monitor risks, how to reduce the possibility of
risks and the severity of consequences, and how to turn risks
into opportunities requires comprehensive, active and
effective risk control at the strategic level, governance level
and implementation level, enhance risk awareness, establish
digital risk prevention and control programs suitable for
enterprises themselves, and promote the sustainable
development of digital transformation.
ACKNOWLEDGMENT
This work is supported by the Scientific Research Project of
Beijing Institute of Economics and Management (20BSA02).
REFERENCES
[1] X. Zhang, “The Impact of ‘Novel Coronavirus Pneumonia’ on Small and
Medium Sized Foreign Trade Enterprises and Its Countermeasures,”
Modern Industrial Economy, vol. 38, no. 3, pp. 27-37, 2020.
[2] Y. Yang, L. Yang, H. Chen, J. Yang, and C. Fan, “Risk factors of
consumer switching behaviour for cross-border e-commerce mobile
platform,” International Journal of Mobile Communications, vol. 18, no.
3, pp. 641-664. 2020.
[3] G. Wu, and R. Gonzalez, “Curvature of the probability weighting
function,” Management Science, vol. 42, no. 12, pp. 1676-1690. 1996.
[4] D. Kahneman and A. Tversky, “Prospect theory: An analysis of decision
under risk,” Economica, vol. 47, no. 2, pp: 263-291, 1979.
[5] G. Wu, and R. Gonzalez, “Curvature of the probability weighting
function,” Management Science, vol. 42, no. 12, pp. 1676-1690. 1996.
[6] Y. Q. Dai, Z. S. Xu, Y. Li, and Q. L. Da, “New Evaluation Scale of
Linguistic Information and Its Application”, Chinese Journal of
Management Science, vol. 16, no. 2, pp. 145-149, 2008
[7] A. Liu and F. Wei, “Research on Method of Dynamic Risk Evaluation of
R&D Project Based on New Evaluation Scale of Linguistic Information,”
Journal of Convergence Information Technology, vol. 7, no. 6, pp. 34-40,
2012.
[8] C. Wang and H. Wang, “Study on the Dynamics Management Model on
the Process Risk Organization Behaviour of the Major Research and
Development (R&D) Project,” Science of Science and Management of
S.& T, vol. 10, pp. 189-192, 2008.
[9] S. P. Goldman, H. V. Herk, T. Verhagen, and J. W. Weltevreden,
“Strategic orientations and digital marketing tactics in cross-border e-
commerce: Comparing developed and emerging markets,” International
Small Business Journal, vol. 39, no. 4, pp. 350-371, 2021.
[10] L. Chen and L. Ruddy. “Improving Digital Connectivity: Policy Priority
for ASEAN Digital Transformation,” Journal of ERIA Policy Brief, vol.
7, pp. 1-4, 2020.
QR2MSE 2022, Emeishan, Sichuan, China