Supply chains have never been under greater scrutiny or pressure. The coronavirus pandemic has moved supply chain resilience from the business pages to front-page headlines. But while the immediate focus for many leaders is on keeping the cogs turning, many organisations are choosing this moment to start or continue exploring the benefits digital technologies can offer, both in responding to the crisis and creating long-term opportunities. As they do so, they’ll need to ensure a cyber security focus is central to their efforts – to protect their business and their customers and to fuel long-term competitive advantage.
Our global research of supply chain leaders shows there’s enormous appetite to move to the smart supply chain. Almost two-thirds of respondents (61 per cent) plan to implement significant improvements, aided by digital technologies, into their supply chain within the next three years. But the smart supply chain also brings a number of risks. Organisations are suddenly armed with a wealth of additional data, and this often needs to travel to others across the supply chain and out to empowered, informed customers who demand visibility and transparency. Intellectual property theft, industrial espionage and malicious interference in operations are all crimes made easier as supply chains increasingly rely more heavily on digital technology.
So, how can business leaders trust and secure the smart supply chain while reaping the benefits? There are three key steps:
First you need to understand your own digital risk. This isn’t a single audit or a one-off process. Nor is it the sole responsibility of one individual, such as a Chief Risk Officer or an IT lead. It needs to become an ongoing process that is owned at board level but implemented by all across the business who have any impact on the supply chain. There are six elements to the process:
Delivering the process requires a cross-functional team to be assembled including asset owners, IT leads, risk management experts, cyber security experts and business owners. Once the initial process is completed a period of embedding change and ongoing governance needs to be established.
Transform and energise your enterprise with a smart supply chain
All participants in a supply chain need confidence in the other businesses they’re linked to. Each organisation should be carrying out the continuous assessment we’ve described. But there’s also a need to work collaboratively to understand the overall risks and vulnerabilities across the smart supply chain, such as the third-party provider vulnerabilities that exposed Target to a data breach affecting 41 million customers. The various players will be at different levels of digital – and cyber security – sophistication. It’s important to remember you’ll only ever be as strong as the weakest link in the chain. In an ideal world securing the chain could involve running joint risk workshops or war-gaming scenarios together. In any event it’s important to make sure contracts include terms for cyber security.
Sharing of data is inevitable across smart supply chains. Together with the other participants in your chain, establish clear roles and responsibilities around data security and data sharing. Collaborate to design the end-to-end security architecture in a way that means the only data you each share is what’s needed by other participants to carry out their role. Where systems are closely integrated it’s essential to test them. That will allow you to identify any unintended consequences and establish the extent to which you could tolerate the impact of an attack or breach.
Cyber risk often comes from unexpected places. One trend we’re seeing is that those moving to the smart supply chain often adopt greener and more sustainable delivery methods like electric vehicles (EVs), drones and robots. But this infrastructure relies on digital connectivity. Chargers, vehicles and the associated command/control use automation to drive efficiencies. These are all targets cyber-attackers can exploit. There have been instances of smart EV chargers being compromised, taking whole fleets off the road.The chaos drones can create was brought home by the incidents at UK airports in 2018. And, by their nature, autonomous vehicles have a high level of risk in a cyber incident.
It’s all too easy to move from a small-scale pilot to a large rollout without giving much consideration to security. But security requirements should be built into procurement contracts and assurance testing part of the deal.Whatever technology you adopt needs to be ‘secure by design’, with the ability to monitor for cyber events, respond to them and patch or update to fix vulnerabilities.
Innovation in smart supply chains is moving fast. Cyber security is in danger of getting left behind. And it’s not just good sense to get better at it – it could bring commercial advantage. Those able to demonstrate the security of data and their supply chain resilience will be well placed to win the trust of both their customers and those along the broader supply chain. Long term, that will add to brand and shareholder value.
Discover all our insights related to COVID-19