The digital revolution is putting supply chain data at risk

Supply chains are more reliant on new digital technologies than ever before, with electronic data at the heart of every stage of the sourcing, manufacturing and distribution process. This digitization has seen the transfer of data evolve from a notoriously slow, clunky process, involving the transmission of information packages piece by piece, to a nearly constant stream of data between trading partners. Globally, the scale of this information sharing is huge. Cisco has predicted that by 2020, more than 61,000GB of data will travel via the internet each and every second, compared to a measly 100GB a day in 1992.

While this comes with countless benefits for big business, it also presents an enormous challenge in the form of data and IT security risks. Like natural disasters, IT security breaches are unpredictable and often carry a high financial impact. With an increasing number of data breach stories hitting news headlines around the world, it's unsurprising that supply chain professionals are anxious about becoming the next big victim of a cyber-attack.

Data security concerns are soaring
The proliferation of data and rise of digitization has created a new level of complexity and risk within supply chain. Add to this the already vast matrix of suppliers and partners that supply chain managers have to handle, and it is easy to appreciate the difficulty of gaining visibility into suppliers and processes. Along with this, it is becoming harder to understand exactly how new technology is being integrated and deployed across supply chains. Which begs the question: as complexity only increases, how can you begin to implement the necessary IT security measures to protect every inch of your supply chain?

This question is clearly weighing heavily on the minds of supply chain professionals. In our most recent Future of Supply Chain survey, issued at the end of last year, ‘data security/IT incidents' was named as the most critical risk to supply chains, with 30% of the 1,4009 respondents saying that they were ‘very concerned'. The level of anxiety about data security incidents also rises with seniority. Among the 126 respondents in Senior Vice President roles or higher, 37% reported being ‘very concerned'. But what's even more interesting is that over the last four years, this concern has risen faster than any other, whether that be shipping or logistics disruptions, natural disasters affecting operational facilities or financial failure of a critical supplier.

Where are the risks coming from?
While industry leaders are singing the praises of new technology, such as machine-to-machine connectivity, remotely guided vehicles and digitally linked smart products, it is specifically these innovations that are exacerbating the risks around cyber-security. Layer these technologies on top of supply chain-specific information, including order data, engineering information, prices and contractual terms, and you can begin to paint a picture of the substantial challenges that connectivity is bringing to the supply chain world.

So, considering the rising risks of a cyber-breach in this data-driven environment, what can supply chain professionals do to protect themselves?

Scrutinize your suppliers
The 2016 Cyber Security Breaches survey by the UK Government found that only 34% of big businesses stipulate cyber-security standards for their suppliers. This is a large cause for concern, considering that 80% of all data breaches can be traced back to the supply chain.

In the face of this, it's important for supply chain professionals to understand and identify which direct and sub-tier suppliers connect to their companies' IT networks and systems, and exchange data with both these and cloud-based solutions. But it doesn't stop here: the internal security practices of IT vendors should also be under scrutiny.

To truly understand the operations of your suppliers, you need to ask some key questions:
a. Who are the supplier's strategic partners and subcontractors?
b. How do they manage their own supply chain risks?
c. Who do they purchase parts and services from?

Make security the norm
When you've gained a clear vision of the role of each of your suppliers, it's imperative and logical that their security standards match yours. When choosing new software solutions and IT programs, involve the data security team from the beginning of the procurement process and set a baseline IT and data security standard from the outset. This will mean you have a yardstick against which to measure a vendor or supplier's ability to meet your requirements. By integrating assessments of cyber risk when selecting IT vendors and then imposing a strict audit process, you will be in a much better position to ensure that data security measures are being maintained throughout the relationship.

Segment to prevent
If, after implementing these processes, you find that you have more confidence in the security standards of some suppliers than others, then it's time to start changing your relationship with them. Develop a graded system so that only those suppliers who have achieved the right level of security have permission to integrate to the maximum with your own systems, and keep those you are less sure of at arm's length. Consumer confidence is one of the most treasured possessions of business today, so don't put your customers' data in the hands of any supplier whose security credentials are less than impeccable.

Look across the organization
The sheer size of today's supply chains also exposes them to more risks than just cyber-attacks; intellectual property challenges, geopolitical issues and legal or regulatory changes can all cause problems. One source of support for supply chain professionals can therefore be colleagues in other departments – whether that's finance, risk management or compliance. Protecting an organization's supply chain isn't something that can happen in isolation – it has to be a team effort.

Moving target
There will never be a single solution to ensure the security of the supply chain. Cyber criminals will continue to employ increasingly sophisticated tactics to hack into supply chain systems, and the growth of sophisticated data management across international borders will bring its own problems. The potential for today's complex, multinational supply chains is vast, but to achieve this potential we need to remember to be constantly alert to the risks that come along with it.

Geraint John is a senior vice president of research at SCM World.

SC
MR