The Supply Chain Implications of the Russian Energy Ban

The Biden Administration issued an executive order earlier this month that bans the import of Russian oil, liquefied natural gas, and coal to the United States and prohibits any United States citizen from initiating any new investment in the Russian energy sector, regardless of where that person is located. 

This is another punitive step as the United States ramps up its pressure on Russia for Vladimir Putin’s attack on Ukraine.  

The Downstream Impacts of the Russian Energy Ban 

Record high gas prices have fueled already high inflation and will have significant implications for policy, earnings, and many supply chains for the foreseeable future. According to the International Energy Agency, the U.S. imported approximately 700,000 barrels of oil per day from Russia in 2021.

The United Kingdom is gradually detaching itself from Russian energy, and the European Union is cutting gas imports from Russia by two-thirds this year. Although the economic impact from the loss of Russian energy is much more significant for Europe than for the U.S., other supply chain consequences exist. 

Understanding Russian Energy Buyers

Data analysis by Interos found over 120 distinct U.S. entities that directly buy from Russian firms in the oil, gas, and consumable fuels sector. Looking further into the supply chain, the number of relationships grows to over 33,000 U.S. entities for Tier 2 suppliers and 157,000 for those at Tier 3. 

Most of the direct buyers of Russian energy are in the same or similar industries, but, notably, some are in sectors as diverse as software, retail, and food products. 

The relatively high numbers of U.S. buyers connected to Russian energy suppliers beyond tier 1 are significant considering how little the country directly depends on Russian energy. 

Even companies whose Tier 1 suppliers are not specifically dependent on Russian energy or directly impacted by the import ban might experience disruption further down the line.

This could result from indirect relationships and dependencies that they may not be aware of. It also underscores the complexity and interconnectedness of global supply chains and the importance of having tools to identify and evaluate a company’s broader risk exposure. 

Impacts Felt in the United States

Although the US does not import enough Russian energy to significantly impact the Russian oil industry on its own, the move is still impacting energy prices and further pressuring other countries.  Indeed, many energy companies are severing relationships beyond what the EO requires.  

Although Europe is indeed more dependent, oil is a global commodity. It is traded almost exclusively in US dollars and these changes will affect the entire supply chain, both in terms of prices paid and further delivery delays. This will have a far-reaching impact on the energy and marine sectors.  

Stakeholders with connections to the energy and shipping sectors will be immediately impacted and are required to examine their operations, supply contracts and charter parties to determine if the EO applies to them.

We expect even more restrictions to be imposed as the invasion sadly continues. 

For more information on the supply chain impact of the crisis in Ukraine, please visit our Ukraine Crisis Resource Center.

Expanded analysis on Europe – Ukraine supply chains shows hidden connections

A comment from a Volkswagen executive in the Wall Street Journal this week sums up the challenge facing many European and international companies when it comes to the crisis in Ukraine. “Ukraine is not central to our supply chain, but suddenly we discovered that when this part is missing, it is.”

The war has already taken an extraordinary toll on individuals, families, and communities in Ukraine. Another added layer of anxiety comes from employees and businesses not knowing the full extent of their commercial ties and dependencies on Russia or Ukrainian supply chains in their extended supplier networks.

European reliance on Russia/Ukraine supply chains is greater than it seems

Bad intelligence derived from opaque supply chains can have perilous implications for businesses and individuals. For instance, data from Interos’ global relationship mapping platform shows that fewer than 250 German companies have direct tier-1 suppliers in either country. But when the focus is expanded to include their suppliers’ suppliers, the number of connections jumps massively.

Germany-based firms across all industry sectors have:

  • Tier-2 connections with more than 1,600 suppliers in Ukraine, and over 7,500 in Russia
  • Tier-3 connections with more than 12,200 suppliers in Ukraine, and over 18,200 in Russia

Broadening the focus to the European Union as a whole plus the UK, the number of tier-2 and tier-3 connections with Russian and Ukrainian suppliers is greater still:

  • More than 8,200 European firms have tier-2 suppliers in Ukraine, and over 38,000 have tier-2 suppliers in Russia
  • More than 109,000 European firms have tier-3 suppliers in Ukraine or Russia

A survey of German supply chain and procurement executives conducted by Gartner last year found that 80% of companies thought they had good visibility of tier-1 suppliers (more than three-quarters of companies, parts and locations known). However, only 7% said the same about tier 2, and only 5% about tier 3.

Given these findings, the fact that a company like VW is unaware of its risk exposure to the war in Ukraine until critical parts stop arriving at its car factories should come as no surprise.

In a lean and just-in-time industry like automotive, where every part is critical no matter how cheap or small, the impact of disruption is more immediate than in other sectors, which is why VW stopped production at its plants in Zwickau, Dresden and elsewhere this week.

Visibility helps companies respond to crisis

European supply chain leaders – like their counterparts in the U.S., Asia and elsewhere – may not have all the data they need to optimize their scenario modelling and risk mitigation strategies, but they are working towards improving these capabilities.

Gartner’s 2021 supply chain risk and resilience study found that “better supply chain visibility” was the biggest area for improvement. 70% of the sample ranked it in their top three. 40% said it was their number one priority.

  • Almost two-thirds of respondents (64%) said they were working on multi-tier mapping now, compared with only a fifth (19%) who said they had processes in place previously.
  • Almost three-quarters (73%) said they were looking at technologies to help them map their multi-tier supply chains and improve visibility – compared with just 11% who had already done so.
  • More than half (57%) said that having “better supply chain risk tools/technologies” was a top 3 priority for improving risk management in their businesses.

Many of these improvement efforts and investments will not come in time to enable European companies to avoid supply chain disruptions stemming from the war in Ukraine. It is also unlikely that most businesses have insulated themselves from the impact of sanctions imposed on Russian firms as a result of Putin’s invasion.

This horrific and unjustified conflict has already upended decades of conventional thinking about war and international business, as well as the supply chains that underpin them. The data on tier visibility shared above is crystal clear evidence that despite limited immediate connections, deeper analysis shows just how interconnected and interdependent our economies, businesses, and people are.

Greater awareness of the level and nature of that interdependence is essential to building a supply chain and business community that can withstand immense shocks and continue to provide essential services and information in times of crisis.

Continue to follow the Interos Crisis Resource Center and Blog as the crisis evolves in Russia and Ukraine. We will continue to post supply chain information and insights as they become available.

Russia/Ukraine: Aerospace & Defense Face Heightened Cyber Risk

Russia’s invasion of Ukraine and the imposition of sanctions by the U.S. and European countries have raised the cyber risk profile of aerospace and defense companies. Amid continued financial and economic fallout, there are concerns about an escalation in cyber-warfare that is fueling worries among western companies of a large-scale retaliatory cyber attack. Several Ukrainian government websites have already been taken offline. Recent ransomware and other attacks against U.S. and European firms ranged from logistics (Expeditors International) to mobile communications (Vodafone Portugal) to fuel distribution (Marquard & Bahls) and food products (KP Snacks). All of these incidents caused severe service and supply chain disruption.

Authorities have attributed these attacks to cyber-criminals rather than nation states. Still, the Cybersecurity & Infrastructure Security Agency (CISA) recently posted a “Shields Up” warning to U.S. organizations. It urges them to take steps to protect critical assets against possible Russian government attacks. The UK’s National Cyber Security Centre also advised British companies to ensure their cyber defense measures are up to date.

Interos Insight on Cyber Risk

In addition to energy and critical infrastructure providers, companies in the aerospace and defense (A&D) industry are obvious targets for such attacks, both for denial of service and intellectual property theft. Their strategic importance to national security is one obvious reason, but another is high levels of concentration risk in the sector due to specialized products A&D firms rely on.

Concentration is a well-understood, but vitally important and often ignored risk in supply chain security. It refers to a cluster or a shared supplier within a supply chain. A cyber attack against Western companies could have disastrous effects.

If a shared prime A&D supplier were disrupted by a Russian cyber-attack, it could have a strong ripple effect across the entire sector – much as the shutdown of Taiwanese chip makers during Covid-19 ground U.S. automotive production lines to a halt.

Looking Inside the Numbers

To gauge the extent of concentration risk in A&D, Interos took the 2021 top 100 list of defense contractors published by the industry publication Defense News and used our global relationship data graph of more than 350 million entities to map their extended supply chains.

We found that this group of top defense contractors has 1,755 suppliers in common. This included six of the top 20 suppliers to the industry. One of these six suppliers had 27 separate connections to the top defense contractors. And the list doesn’t only include component and material suppliers, but also banks and financial institutions. Indeed, 29 of the A&D companies use the same bank, according to our proprietary data. The over-reliance of many defense companies on a limited number of suppliers makes them vulnerable to disruption if those shared suppliers are compromised. That compromise could come in many forms: a cyber attack, operational failure, or other unforeseen event. Most of the top defense contractors’ shared suppliers had strong cyber and financial risk scores, based on the Interos i-Score model. However, those scores began to weaken further down the list.

This does not mean that these top defense contractors are currently impacted by a new cyber threat from Russia. But the existing level of concentration risk revealed in the data, which is not atypical, could magnify the damage of a large scale cyber attack.
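The multi-tier mapping and shared-supplier count described in this article can be sketched as a graph traversal. The following Python example is added for illustration and is not Interos code; the company names, countries, and function names are constructed, and assigning each supplier to its shallowest tier is an assumption.

```python
from collections import Counter

# Constructed sample data (not from the article): buyer -> direct suppliers.
SUPPLIES = {
    "PrimeA": ["AvionicsCo", "BankOne", "AlloyWorks"],
    "PrimeB": ["AvionicsCo", "BankOne", "SensorLab"],
    "PrimeC": ["BankOne", "WiringGmbH"],
    "AvionicsCo": ["ChipFab", "TitaniumRU"],
    "AlloyWorks": ["TitaniumRU"],
    "SensorLab": ["ChipFab"],
    "WiringGmbH": ["HarnessUA"],
    "ChipFab": ["NeonUA", "AvionicsCo"],  # cycle back to AvionicsCo on purpose
}

# Constructed country of registration for each supplier.
COUNTRY = {
    "AvionicsCo": "US", "BankOne": "US", "AlloyWorks": "US",
    "SensorLab": "US", "WiringGmbH": "DE", "ChipFab": "TW",
    "TitaniumRU": "RU", "HarnessUA": "UA", "NeonUA": "UA",
}

PRIMES = ["PrimeA", "PrimeB", "PrimeC"]


def suppliers_by_tier(graph, buyer, max_tier=3):
    """Return {tier: set of suppliers}; each supplier sits at its shallowest tier.

    Breadth-first traversal. The 'seen' set keeps cycles in the relationship
    graph from re-counting a supplier (or the buyer itself) at a deeper tier.
    """
    seen = {buyer}
    frontier = {buyer}
    tiers = {}
    for tier in range(1, max_tier + 1):
        next_frontier = set()
        for node in frontier:
            for supplier in graph.get(node, ()):
                if supplier not in seen:
                    next_frontier.add(supplier)
        seen |= next_frontier
        tiers[tier] = next_frontier
        frontier = next_frontier
    return tiers


def exposed_buyers(graph, country, buyers, flagged, max_tier=3):
    """Return {tier: sorted buyers with at least one flagged-country supplier there}."""
    result = {tier: [] for tier in range(1, max_tier + 1)}
    for buyer in sorted(buyers):
        for tier, suppliers in suppliers_by_tier(graph, buyer, max_tier).items():
            if any(country.get(s) in flagged for s in suppliers):
                result[tier].append(buyer)
    return result


def shared_suppliers(graph, buyers, max_tier=3, min_buyers=2):
    """Concentration view: suppliers reached by at least min_buyers buyers.

    Returns (supplier, buyer_count) pairs, most widely shared first.
    """
    counts = Counter()
    for buyer in buyers:
        reachable = set().union(*suppliers_by_tier(graph, buyer, max_tier).values())
        counts.update(reachable)
    shared = [(s, n) for s, n in counts.items() if n >= min_buyers]
    return sorted(shared, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    exposure = exposed_buyers(SUPPLIES, COUNTRY, PRIMES, {"RU", "UA"})
    for tier, buyers in exposure.items():
        print(f"tier-{tier} exposure to RU/UA: {len(buyers)} buyers {buyers}")
    for supplier, n in shared_suppliers(SUPPLIES, PRIMES):
        print(f"{supplier}: shared by {n} of {len(PRIMES)} buyers")
```

In this constructed graph no buyer has a direct supplier in a flagged country, yet every buyer is exposed at tier 2, and the most widely shared supplier is a bank rather than a parts maker.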

Because CISA’s “Shields Up” warning was directed to US companies, suppliers based outside of Western Europe and the U.S./Canada may not be responding in the way that is necessary. Criminal hackers pose a significant threat to companies with inadequate cyber security measures. State-sponsored hackers can draw on vastly bigger resources. They are therefore likely to be more successful in disrupting critical supply chains.

During this time of war, companies should make taking care of any employees affected by the devastation their first priority. And regardless of how the potential cyber threat posed by the immediate crisis plays out, companies need to monitor their supply chains for cyber risk and other sources of supply chain risk. Software supply chain attacks grew by more than 300% in 2021 compared to 2020. We expect them to increase even further in the coming years. A careful and continuous assessment of a supplier’s security posture, and their overall risk profile, will be critical to helping insulate organizations and their stakeholders from supply chain cyber attack or other disruptions.


Critical Questions for Business Leaders with Commercial Ties to Russia and Ukraine

Over the past few days, we’ve been in close contact with a range of customers and businesses who are trying to determine the best path forward as the conflict escalates in Ukraine and as more multinational companies decide to dissolve, cut back or suspend operations in Russia.

As we engage these leaders and provide technical and in-kind support to help vulnerable and displaced communities devastated by this invasion, I wanted to take a moment and share some of the challenges facing our commercial and government partners at the moment and the counsel we are providing. Our hope is that some of this is helpful as you think through your own considerations.

CEOs and other prominent business leaders are confronting tough questions about their commercial connections to Russia. These questions can be difficult to answer given the complex interdependencies of today’s global supply chains. Consumers and employees want to know whether business relationships with the Russian government or Russian companies will be discontinued. Many more want to better understand how the invasion has impacted companies or their suppliers.

Large companies quickly curtail Russian operations

CEOs must be prepared to answer these questions, and some have already taken action. BP is expecting to take a $25 billion hit after its decision to cut ties with the Russian state-owned energy firm, Rosneft. Twitter has ceased selling ads in Russia and has added special labeling to tweets sharing Russian state-produced media. YouTube blocked Russian channels from earning ad dollars. Several prominent law firms and lobbyists have dropped Russian clients. Meta has established a special operations center and is prohibiting Russian state media from running ads or monetizing on its platform anywhere in the world. And just within the last 24 hours we’ve seen Delta, DHL, UPS, FedEx, Dell, Maersk and Shell announce significant measures to curtail operations in Russia.

While not all companies can move swiftly, CEOs need to communicate their organizations’ status and intentions with all critical stakeholders. This includes identifying business partners in Russia and employees from Russia who perform work delivered abroad. It also requires a clear rationale for firms who are not immediately severing ties with Russian commercial connections.

According to a recent LumApps/CMS poll, 76% of employees surveyed said they want to work for companies with a strong social impact. Employees will be carefully watching the actions their companies and organizations take. Business leaders should over-communicate to employees all efforts in the name of transparency.

Key questions you need answers to:

As the war in Ukraine continues, business leaders should also answer the following questions to ensure operational resilience, and maintain trust with their employees and customers:

  • Do you have long-term plans to accommodate impacted employees in Russia and Ukraine?
  • Have you developed a plan to work with relief organizations in Ukraine?
  • Do you have visibility into your supply chains beyond first- and second-tier suppliers?
  • Have you evaluated required levels of inventory and labor in the short to medium term?
  • Are you actively discussing business continuity plans with key suppliers?
  • Do you have contingency plans in place to switch to, or qualify, alternative sources for essential products and services?
  • Are you prepared for cyber attacks?
  • Are you in close contact with your people and suppliers in other parts of Eastern Europe?
  • Are you tracking new sanctions and export controls from various markets?
  • Are you in contact with your elected officials in the U.S. and Europe as conditions continue to evolve?
  • Has your organization developed an integrated communication plan that includes timely updates to employees, customers, suppliers, investors, government officials and media?

With proper analysis, planning, and unyielding compassion for every person and business caught up in this tragedy, it is possible to mitigate significant risk, ensure operational resilience, and avoid supply chain disruption.

Interos will continue to update our blog with updated supply chain data and insights as the events in Ukraine evolve. Please check back frequently and reach out to help provide visibility into your supply chain to ensure all business relationships meet company standards. Most important, keep the people of Ukraine in your thoughts. The world can and must help all nations find a path to peace.

Supply Chain Disruption from the Russian Invasion of Ukraine

*The statistics in the blog below have been updated following a deeper analysis of the supply chain. We are continuing to monitor the highly volatile situation in Ukraine and will update this piece accordingly as new information becomes available. 

The Russian invasion of Ukraine has the potential to cause extensive and debilitating supply chain disruption across the globe. The effects may range from rising input costs to a heightened threat of cyber attacks.

Russia and Ukraine Supply Chains Key to Global Economy

Today thousands of U.S. and European companies do business with suppliers in Russia and Ukraine. Many of them could be at risk during a prolonged military conflict. Analysis of global relationship data on the Interos platform reveals critical findings:

  • More than 2,100 U.S.-based firms and 1,200 European firms have at least one direct (tier-1) supplier in Russia.
  • More than 450 firms in the U.S. and 200 in Europe have tier-1 suppliers in Ukraine.
  • Software and IT services account for 13% of supplier relationships between U.S. and Russian/Ukrainian companies. Consumer services represent another 7%. Trading and distribution services account for about 6%, while industrial machinery counts for about 4%. Oil, gas, steel, and metal products account for other everyday items purchased from the two countries.

The proportion of U.S. and European supply chains that include tier-1 Russian or Ukrainian suppliers is relatively low. This increases substantially when incorporating indirect relationships with suppliers at tier-2 and tier-3.

  • More than 190,000 firms in the U.S. and 109,000 firms in Europe have Russian or Ukrainian suppliers at tier-3.
  • More than 15,100 firms in the U.S. and 8,200 European firms have tier-2 suppliers based in Ukraine.

Supply chain and information security leaders in U.S. and European organizations should review their dependence on Russian and Ukrainian suppliers at multiple tiers. This is a key first step in assessing risk exposure in the region and ensuring operational resilience.

Supply Chain Interruption: 4 Major Risks

The many connections between US, European, Russian, and Ukrainian businesses highlight the potential for supply chain disruption.

In the event of a Russian invasion of Ukraine, four major areas could spark supply chain disruption:

Commodity price increases

Energy, raw material, and agricultural markets all face uncertainty as tensions escalate. Russia provides over a third of the European Union’s natural gas, and threats to this supply could force up prices when companies and consumers are already facing higher energy bills. Natural gas supply pressures likely would spike volatility in other energy markets too. By one estimate, an invasion could send oil prices spiraling to $150 a barrel, lowering global GDP growth by close to 1% and doubling inflation. Even lower estimates of $100 a barrel would cause input costs and consumer prices to soar.

Food inflation is another risk that may cause supply chain disruption. Ukraine is on track to being the world’s third-largest exporter of corn, and Russia is the world’s top wheat exporter. Ukraine is also a top exporter of barley and rye. Rising food prices would only be exacerbated with additional price shocks, especially if Russian loyalists seize core agricultural areas in Ukraine.

A conflict could continue to squeeze metal markets. Russia controls roughly 10% of global copper reserves and is also a significant producer of nickel and platinum. Nickel has been trading at an 11-year high, and further price increases for aluminum are likely with any disruption in supply caused by the conflict.

Firm-level export controls and sanctions

U.S. and European export controls could exacerbate commodity cost pressures. The use of such controls to restrict certain companies or products from supply chains has soared over the last few years. While many have been aimed at Chinese companies, a growing number of Russian firms have been earmarked for export controls for “acting contrary to the national security or foreign policy interests of the United States.”

Not surprisingly, U.S. companies and business groups are urging the government to be cautious in how it applies any new rules. Prominent Russian companies already on a U.S. restrictions list include Rosneft and subsidiaries, and Gazprom. Extending export controls and sanctions to Gazprom’s subsidiaries, other energy producers and key mining and steel market firms could further impact supply availability and input costs.

U.S. and E.U. export controls would also likely target the Russian financial sector, including state-owned banks, as a deterrence tactic. U.S. officials have noted that any sanctions would be aimed at the Russian financial sector for a “high impact, quick action response.”

Cyber security collateral damage and supply chain turmoil

Entities linked to malicious cyber activity may also face further repercussions from the U.S. and its partners. Ukraine is certainly no stranger to Russian cyber aggression. Russia has twice disrupted the Ukrainian electric grid, first in December 2015, leaving hundreds of thousands of Ukrainians in the cold, and again the following year. But destructive attacks on the country’s infrastructure could also spark significant collateral damage in global supply chains.

In 2017, the NotPetya attack on Ukrainian tax reporting software spread across the world in a matter of hours. The attack disrupted ports, shut down manufacturing plants, and hindered the work of government agencies. The Federal Reserve Bank of New York estimated that victims of the attack, including Maersk, Merck, and FedEx, lost a combined $7.3 billion.

This figure could pale compared to the global supply chain impact of a Russia-Ukraine military conflict, which would inevitably include a cyber element. Whether Russia would target its cyberwar playbook at U.S. or E.U. targets in retaliation for any support to Ukraine remains hotly debated. But the Cybersecurity and Infrastructure Security Agency (CISA) has been urging U.S. organizations to prepare for potential Russian cyberattacks, including data-wiping malware, illustrating how the private sector risks becoming collateral damage from geopolitical hostilities.

Geopolitical instability

Cyberwarfare would be unlikely to remain within Ukraine’s borders. Thus the destabilizing effect of a Russian invasion could have wider geopolitical ramifications. In Europe, a refugee crisis could emerge, with three to five million refugees seeking safety from the conflict. In Africa and Asia, rising food prices could fuel popular uprisings. Of the 14 countries that rely on Ukraine for more than 10% of their wheat imports, the majority already faces food insecurity and political instability.

China is watching closely to see how the world responds if Russia invades Ukraine. The superpower has its own aspirations of seizing territory and extending its sphere of influence. Taiwan’s defense minister has remarked that tensions over Taiwan are the worst in 40 years. A Russian invasion could further embolden China to enlist military tactics against Taiwan. In addition to far-reaching geopolitical implications, this would have a significant impact on electronics and other global supply chains.

How to Stop Supply Chain Disruption

Many of these risks may not materialize and represent a worst-case scenario. But executives should think carefully about the potential impact of a Russia-Ukraine military conflict. These leaders need to ensure appropriate contingency plans for their most critical supply chains and riskiest suppliers in the region.

Risk mitigation strategies include:

  • evaluating required levels of inventory and labor in the short to medium term;
  • discussing business continuity plans with key suppliers; and
  • preparing to switch to, or qualify, alternative sources for essential products and services.

With the right technology to enable proper analysis, planning, and execution, it is possible to mitigate significant risk, ensure operational resilience, and avoid supply chain disruption. For more information about the Interos platform and how it can help with this process, visit interos.ai.

The Importance of Third-Party Risk Management

The SolarWinds supply chain breach remains one of the most striking examples of top third-party risks being realized in recent history, exposing the information of some of the world’s most prominent companies and numerous high-profile government agencies.

It was not just the approximately 18,000 directly exposed organizations that were affected, though, but also countless business partners, service providers, suppliers, customers, and prospects that found themselves victims as well. In total, the breach cost victims an average of $12 million.

While already well known, the SolarWinds attack further exposed the fragility of a global economy that thrives on third-party relationships. These relationships help organizations improve performance and backfill talent and supply shortages, especially during the pandemic, but also broaden the attack surface for threat actors. 

In a new study, “Third-Party Risk: A Turbulent Outlook,” Interos and the Cyber Risk Alliance surveyed more than 300 technology leaders to better understand how well organizations understand and manage top third-party risks. 

What You’ll Find In The Third Party Risk Management White Paper

The survey highlighted the depth of third-party relationships and the need for improved risk management. On average, the majority of respondents (76%) contract with up to 25 different vendors, business partners, brokers, contractors, distributors, agents, and resellers. For large enterprises (companies with more than 10,000 employees), an astonishing 15% relied on more than 250 third-party providers. 

Virtually all organizations (95%) indicated partnerships with IT software, platform, or service providers. This is not to say that these partnerships are bad – they enable today’s lightning-fast global delivery system. 

Other key takeaways from the survey: 

  • 60% of respondents experienced an IT security incident in the past two years due to a third-party partner with access privileges. The most-likely consequences were the theft of sensitive data or a business outage. 
  • While 52% of those who experienced third-party related attacks indicated they lost less than $100,000 in damages, another 45% incurred higher costs, with a few paying $1 million or more. 
  • Victims impacted by the SolarWinds supply chain attack suffered everything from day-long shutdowns to crucial data leakages. 
  • Perhaps because of real or perceived threats from SolarWinds and similar top third-party risks, 70% of respondents ranked cyber the No. 1 or No. 2 risk among their third-party/supply chain partners. 
  • Supply chain visibility is more essential than prior to the pandemic. Almost everyone wanted increased visibility, with 72% believing that tracking components, sub-assemblies, and final products was very or critically important. 
  • More than three out of four (76%) IT leaders and influencers rated managing third-party risk as a high or critical priority at their organizations — for most respondents (74%) this priority has increased in importance since 2020, when the pandemic created major micro and macro business disruptions, including supply and workforce shortages. 
  • Nearly half of all respondents (45%) said they implement the guidelines within the NIST Cybersecurity Framework in their third-party vendor assessments. 

Third-Party Cyber Risk Management Has Never Been More Important

The survey found that the vast majority of respondents (72%) called supply chain visibility important, but only a small fraction actually had adequate insight into their suppliers. 

In reporting their highest level of supply chain visibility, 41% had visibility only on their most critical third-party direct dependencies, while 26% could see the full map of interdependencies across all tiers in their supply chains.

The Covid-19 pandemic was regularly cited as a reason for lowered visibility. When asked about specific challenges in managing third-party risk, the top answers were a lack of qualified staff to implement a management solution (30%) and the ability to accurately assess and manage a large number of partners (26%).

To better manage top third-party risks, Interos advises companies to prioritize risk management and follow industry standards and guidelines such as the NIST Cybersecurity Framework. They should also adopt multiple methods to vet third-party providers, and continually reassess third parties for risk, among other solutions highlighted in the report. For more information about how the Interos platform can help to assess and address these risks, visit interos.ai.

What’s on the Radar for Supply Risk Management in 2022?

Mitigating supply risk and meeting high organizational expectations needs a world class early warning system. Here’s how to create one.

Supply chain issues have become a dinner table discussion topic for people around the world as shipping delays and basic product availability issues abound. Everyday shopping has been impacted and we’ve seen increasing holiday season angst as supply networks and retailers have struggled to keep up with demand.

With millions of dollars in lost revenue, unexpected mitigation costs, and reputational damage on the line, it’s no surprise that for many organizations supply risk has become a frequent board-level discussion topic. At the same time, due to the efforts of individuals and teams to counter the past 18 months’ supply chain disruption, expectations of what procurement can achieve have been elevated to a high level.

While predicting future supply chain disruptions isn’t necessarily impossible, it’s not realistic to think we’ll be able to predict 100% of future disruptions 100% of the time. And yet, with digital transformation and the use of big data, we can start to identify vulnerabilities more accurately and more easily in our extended supply networks and plan for disruptions to lessen the impact to our businesses.

Developing a World Class Early Warning System

Procurement and sourcing leaders are aware that current supply network risk data is rife with blind spots. Existing processes for evaluating new suppliers and assessing risk are too inconsistent, and often too shallow to uncover the hidden risks. Ongoing supplier reviews are too infrequent and often rely on outdated information. Too little visibility into sub-tier suppliers of critical components and materials leaves too much exposure to the complex interdependencies of our extended supply networks.

So how are procurement leaders planning to uncover hidden risks in their supply networks and become more proactive in identifying and managing disruptions? Based on conversations with supply chain and procurement teams, here are a few of the actions that we’ll see more of in 2022:

1. Taking a broader view of supply chain risk management

So many factors can contribute to supply risk. Financial strength is a universally accepted risk indicator – if the supplier is struggling financially, they pose a risk of long-term capability to support your business. Cash flow challenges may lead to sub-par quality and service levels, an inability to reinvest in the business, or a lack of future innovation that benefits both buyer and supplier. It comes as no surprise that this is one risk indicator that most organizations review for new suppliers.

A growing emphasis on operational and location-based risks is expanding the set of factors that procurement and sourcing teams are evaluating, especially as COVID-related shutdowns have exposed companies’ over-reliance on certain regions. Geographic concentration; geopolitical trends and events; and changing regulations, restrictions, and sanctions lists are all causing an expansion of relevant risk indicators for supplier assessments.

The escalation of cyber-related risks such as data breaches and ransomware attacks poses a serious challenge to digital supply chains. And ESG performance is not only a reputational risk but is increasingly becoming codified into regulations that carry a significant financial penalty for organizations.

All of this is causing procurement teams to take on a broader view of supplier risk. And they are looking at a new set of solutions to automate the collection, compilation, and scoring of this information in a single, encompassing view of multi-factor supplier risk.

2. Consistency in new supplier evaluation

Incomplete survey responses, narrow focus of questions, lack of validated data, and lack of time. All of this compounds the challenges of thoroughly reviewing each and every supplier, especially as organizations are growing their businesses and shifting their supply chains. Procurement teams are hustling to keep up with the pace of business requests for new sources of supply, and all too often different teams are taking wildly different approaches to evaluating supplier risk.

Expanding the aforementioned breadth of risk indicators can help drive a more consistent approach to how suppliers are evaluated for vulnerabilities and risk to the organization. But expanding that approach across the entire organization can only be achieved if the risk scores and underlying data are readily available and embedded into the supplier assessment process.

When Machine Learning and Natural Language Processing are applied to big data gleaned from hundreds of available sources, pre-assessed risk scores can augment supplier self-reported information without the long lead times involved with surveys and questionnaires. Instant access to multi-factor risk scores on each supplier being vetted will enable the adoption of a more consistent and thorough review of all suppliers without increasing the workload on individual evaluators.

3. Diving deeper into supplier sub-tier relationships

A recent report from the Business Continuity Institute indicated that 40% of COVID-19 related supply chain disruptions were traced to sub-tier suppliers. In my own conversations with procurement leaders, the extended supply network is gaining increased importance in terms of gaining visibility into supply risk.

Identifying and tracing sub-tier suppliers has long been a challenge for procurement and supply chain teams. But the recognition that a disruption or failure anywhere upstream in your supply chain could cause devastating ripple effects has become all too clear during the pandemic, as buyers increasingly felt the impacts of material shortages, work slowdowns, and logistics challenges far removed from their own businesses.

New supply network mapping initiatives are gaining steam, as are new technologies that identify and map global buyer-supplier-partner relationships that go beyond the link-by-link Bill of Materials (BOM) tracing that has been the traditional goal. Today’s complex interdependencies between supply partners require a much broader and deeper view of trading partners, to understand where vulnerabilities exist that could impact the supply chain.

4. Continuous monitoring and ongoing evaluation

Checking the box on initial supplier due diligence and periodic reviews is so 2018. “We didn’t see that coming” is a response that will generate hard stares and uncomfortable questions in the face of supply chain disruptions.

Supplier performance management has been a relatively real-time pursuit, particularly since the data on order accuracy, on-time delivery, quality and responsiveness is fairly easy to access using internal operational data.

We’re seeing a shift towards a more continuous monitoring of supplier risk factors to gain a real-time view into potential problems and vulnerabilities. Rather than focusing on annual reviews of critical suppliers, or of those who have struggled in the past, procurement teams are recognizing that it’s the supplier who is seemingly doing fine that can cause havoc with little warning.

Combine a broader view of risk indicators with a deeper view of risk throughout the extended supply network. Add continuous monitoring of those multi-factor, multi-tier risk indicators, and you get an early warning system for potential or real-time disruptions that provides the ability to proactively mitigate those risks.

COVID-19 case increases triggering a port lockdown in a region full of critical suppliers – that’s an alert procurement teams want to get before materials and goods stop flowing. Geo-political unrest or a catastrophic weather event endangering a region heavily populated by raw material suppliers – the earlier that can be seen, the faster procurement can respond and find alternatives.

The Path Forward in Supply Risk Management

These are exciting and challenging times to be in procurement and supply chain. Now more than ever, supply risk management, contingency planning, and supply continuity initiatives are highly visible, critically important, and generating executive-level commitment and funding from organizations.

This is leading to real, impactful changes to the ways that procurement organizations are engaging their supply network to understand, root out, and mitigate risks to their businesses. New technology solutions that provide better initial screening and ongoing monitoring of multiple risk factors across multiple tiers of the supplier network are giving organizations the real-time visibility they need to identify vulnerabilities, enact an early warning system for possible disruptions in their supply chains, and improve supply chain management.

Predicting the future is impossible, but preparing for it is not. From early indicators of oncoming chaos to warning signs and priorities, you need to know how to spot risks in order to mitigate them.

Author: Greg Holt

RSA 2021 Recap – Supply Chain Resilience & Techtonic Geopolitical Shifts

2020 was a global inflection point for supply chains – and so much more. Economic nationalism, a splintering internet, and geopolitical tensions were simmering long before 2020, but were accelerated by the pandemic. The global shock also deepened the growing global divide between authoritarian and democratic ideologies around technology, expediting the emergence of distinct technospheres of influence. Driven by geopolitical shifts and the rapid evolution of emerging technologies, these tectonic shifts are already reshaping and redefining global supply chains. At last week’s RSA, I had the opportunity to discuss these global shifts and what forward-leaning companies should consider when seeking “Supply Chain Resilience in a Time of Techtonic Geopolitical Shifts.”

In addition to the horrific human toll, the COVID-19 pandemic punctuated the global order between Before Times and the post-pandemic era.

A Tale of Two Techno-Ideologies

The Chinese model of digital authoritarianism has spread aggressively. The model leverages technology to surveil, repress, and manipulate domestic and foreign populations. The tools and tactics inherent in this techno-ideology increasingly wreak havoc on both citizens and supply chains. With the steady beat of digital supply chain attacks, internet shutdowns, digital sovereignty stifling cross-border data flows, and government surveillance and mandates to access data, the digital authoritarian model is taking root across the globe.

A counter-weight is starting to emerge based on the aspirational visions of a secure, open, trusted, and free Internet. This nascent digital democracy model is beginning to address security and privacy through a multi-stakeholder lens and prioritizes collaboration and cooperation as well as individual data rights and protections.

Just as these distinct approaches continue to accelerate the splintering of the Internet, they are now leading to a splintering of supply chains and the technologies that undergird them. Government and private sector entities alike are increasingly reimagining supply chains based on trustworthy networks – with a specific focus on trusted suppliers and products.

Techno-spheres of Influence & Their Impact on Supply Chains

How are these divergent ideologies impacting global supply chains? There are (at least) three core areas: trade wars, regulatory shifts, and global hot spots. In each of these, geopolitics and diverging approaches to technology are changing the risk calculus and cost of doing business at home and abroad.

  • Global Trade Wars: Just as the weaponization of cyber has shifted power structures across the globe, so too is the weaponization of trade. Governments are increasingly seeking to leverage industrial policy for national interests. Weaponized cyber programs are being paired with specific industrial policies to threaten supply chains. As the IMF recently summarized, “Technology wars are becoming the new trade wars.” And these technology wars are further exacerbated by opposing perspectives on the rules and norms surrounding the use of technology.

These disputes continue to influence corporate decisions regarding reshoring, onshoring, as well as alternative suppliers especially when geographic concentration risks are considered. In recent surveys, almost a quarter of companies plan to relocate supply chains and three-quarters have enhanced their scope of existing reshoring. Tariffs and market pressures have driven many of these changes, but a shifting regulatory landscape provides additional fodder for reassessing supply chain resilience.

  • Regulatory Shifts: To offset the risks posed by digital authoritarians, democracies across the globe have begun to prohibit or restrict foreign technologies. The U.S. Departments of Commerce, Treasury, State, Homeland Security, and Defense have all produced an uptick in export, re-export and capital flows restrictions. As the chart below highlights, the Bureau of Industry and Security at the Department of Commerce alone has added over 350 different Chinese entities to restricted lists since 2019.

Many countries are also leveraging industrial policy, such as the patchwork of 5G restrictions within Europe as well as India and Australia. China has also implemented its own unreliable entity list which could further pose challenges for global brands. Finally, the data protection and privacy landscape provides one more layer of complexity. Many countries are crafting similar laws to the GDPR. On the other hand, some nations are creating regulations in the mold of Cambodia’s internet autarky, Kazakhstan’s digital certs, and Ecuador’s all-seeing eye. All of these policy approaches introduce localized data risks.

  • Global Hot Spots: While major power competition dominates national security discourse, global supply chains are also impacted by a rise in instability. Cyber and emerging technologies have introduced asymmetric power, wherein small countries can have an oversized impact due to the minimal resources and diminished price required to harness offensive cyber or emerging technologies. North Korea, Russia, and Iran are the usual suspects when considering the asymmetric nature of power, especially when considering the reach of campaigns such as SolarWinds or Iranian and North Korean campaigns against the financial industry.

Similar capabilities are now available across the globe and further exacerbate instability and unrest. For instance, Vietnam and Lebanon both have advanced persistent threat groups (APTs) linked to global campaigns. Meanwhile, localized conflicts between Armenia and Azerbaijan, Western Sahara and Morocco as well as the Tigray region have integrated foreign-made drones and disrupted energy markets, trade routes, and manufacturing supply chains, respectively.

Building Operational Resilience Amidst Techtonic Shifts

What can be done to build resilience under these dynamic conditions? First, a collective security approach is essential. As a Wall Street Journal logistics report noted, “A substantial investment in securing customer data at one company can easily be undermined by a supplier with weak financial incentives for safeguards.” Second, in preparing for the ‘new normal,’ avoid the inherent inclination to prepare for yesterday’s risks and disruptions. This is not simply a new Cold War or the end of globalization, but rather a new order that includes risks new and old. Finally, gaining visibility across your entire supply chain ecosystem – as well as the data that flows through it – is paramount. Data and privacy risks are increasingly localized, and borders do exist on the internet.

Of course, these ongoing global shifts introduce a range of challenges. Decoupling and reshoring are costly, but it is important to keep in mind that this is not an all-or-nothing approach: We must prioritize based on criticality and dependencies. Keeping up with the regulatory shifts is also increasingly difficult, especially since some of these changes may occur below the radar if you don’t have a way to track them. And of course, mental models are hard to shift. It’s easier to assume the new normal will look like it did in Before Times, but that could leave organizations ill-prepared for tomorrow’s disruptions.

Despite these challenges, there are also significant opportunities. Resilience can be a competitive advantage. Preparations now for the range of disruptions will pay off down the road. Collective security and collaboration can further strengthen resilience and help lead to more trustworthy and reliable networks. Finally, technology can help overcome blind spots and provide greater visibility and insights into the range of current and potential future disruptions.

Now is the time to either shape the future or be shaped by it. Based on the fascinating interactive Q&A session at RSA, there seems to be growing interest in these shifts and a desire to do the hard work of building more resilient supply chains. Now it is on us to avoid a collective failure of imagination and reimagine supply chain resilience on par with these tectonic shifts.