This article presents a secondary analysis of the literature, supplemented by case studies to determine if large companies increase their exposure to risk by having small‐ and medium‐size enterprises (SMEs) as partners in business critical positions in the supply chain, and to make recommendations concerning best practice. A framework defining the information systems (IS) environment is used to structure the review. The review found that large companies’ exposure to risk appeared to be increased by inter‐organisational networking. Having SMEs as partners in the supply chain further increased the risk exposure. SMEs increased their own exposure to risk by becoming partners in a supply chain. These findings indicate the importance of undertaking risk assessments and considering the need for business continuity planning when a company is exposed to inter‐organisational networking.