“The human race has long appreciated that disruptions are part of life,” writes the staff at Logility, “they come in waves, and the best laid plans don’t always result in the outcomes we work to achieve.”[1] In Part One of this article, I noted that the World Economic Forum believes we have entered the age of the polycrisis — the simultaneous convergence of a number of crises. Adam Tooze, the Kathryn and Shelby Cullom Davis Professor of History at Columbia University, believes the term “polycrisis” is simply long-overdue recognition of what has been occurring for years. He asks, “Have we been living in a polycrisis [era] all along? Pandemic, drought, floods, mega storms and wildfires, threats of a third world war — how rapidly we have become inured to the list of shocks. So much so that, from time to time, it is worth standing back to consider the sheer strangeness of our situation. … With economic and non-economic shocks entangled all the way down, it is little wonder that an unfamiliar term is gaining currency — the polycrisis.”[2]
With the world in a state of constant turmoil, supply chains risks abound. Matt Gunn, Vice President for Global Marketing at Supplyframe, explains, “Most efforts to outpace disruption are ultimately limited by the physical and financial constraints inherent to moving goods around the globe. Whether it is a hurricane or factory fire, new trade regulation or an unexpected supplier bankruptcy, much of how products are made and moved happens outside of our control.”[2] It follows that companies best able to deal with these disruptions are able to gain a significant competitive advantage. As the Logility staff notes, “Major sustained turmoil — like that caused by COVID-19 — quickly separates companies into bankruptcies, survivors, and thrivers.”[3] In Part One of this article, I focused on four supply chain risk areas: Cybersecurity; climate change; geopolitics; and, suppliers/third parties. In the concluding part of this article, I want to concentrate on expert suggestions for dealing with these risk areas.
Dealing with the Risks
Following the Second World War, as Winston Churchill worked tirelessly to form the United Nations, he famously said, “Never let a good crisis go to waste.” Of course, avoiding a crisis is a better and more cost-effective strategy. As I noted in Part One, one of the first things any company should do is undertake a vulnerability assessment using something like the Enterprise Resilience Management Methodology®. When crises do occur — and despite your best efforts they will — you should take Churchill’s advice. The Logility staff notes, “Be brutally honest and ask, ‘Does the business have a problem?’ If so, is it a priority to fix? How does it compare to other strategic priorities? If you tackle this problem, what’s the opportunity cost? You can frame this question in many ways, including, ‘Did we miss opportunity? Did we take on too much risk?'”[4] Over the past few years, supply chain professionals and business consultants have closely observed supply chain challenges and, not wanting to waste a good crisis, they have come up with recommendations on how to deal with some of the more common crises facing global supply chains. Following are some of their suggestions.
Cybersecurity Risks
Gary Stevens, an IT specialist, states the obvious, “The best way to preempt a cyberattack is to reduce the risks before the attack occurs. Implement a robust security strategy that will make it difficult for even the most determined hacker to gain access to your supply chain networks and data.”[5] The medical field has always counseled, “Prevention is better — and more cost effective — than cure.” Stevens suggests a robust security strategy should include: 1) Incident Response Planning; 2) Data Encryption; 3) Need-to-Know Policies; 4) In-depth Risk Assessment; and, 5) Extensive Cybersecurity Training. He concludes, “By putting ample cybersecurity measures in place, you can protect your supply chain from breaches before they occur. Encrypt your data, and prepare a robust security response plan in the event that something does go wrong. Be aware of prevalent cyberattack tactics such as digital risks, third-party vendor risks, supplier fraud, and data integrity. A better understanding of the risks allows you to understand the importance of being prepared to face cybercriminals well in advance.”
Climate Change
Frank Kenney, Director of Industry Solutions at Cleo, notes, “Between droughts, floods, fires and violent storms, climate change is already impacting ports, highways and factories.”[6] Recent events in Hawaii and California should be evidence enough that climate change is having an impact. Kenney predicts, “Worsening conditions will increase the pressures felt on the supply chain.” As Gunn noted earlier, these types of events are generally outside of a company’s control. That doesn’t mean supply chain professionals can simply throw up their arms in defeat. Kenney notes, “Already, efforts are underway to mitigate the impact, with ports weighing three options to account for rising sea levels: move inland, build massive sea dikes around ports, or raise all of the port infrastructure. … Aside from changing the physical elements of ports and infrastructure to protect against impending climate change, manufacturers can shift their own strategies to adapt. One solution often considered is having more inventory on hand, or developing dual supply chains that can deliver the same goods via two routes, in case one becomes impeded. Both solutions address the problem, but they also increase production costs and require greater oversight and visibility into supply chain operations.”
As Kenney makes perfectly clear, there are no silver bullet solutions; especially when trying to tackle climate change risks alone. “Perhaps a better way to respond to the supply chain challenges presented by climate change,” Kenney writes, “would be for organizations to gain full visibility into their connection points, so that they can quickly identify risks and opportunities as they arise. Modernizing and integrating systems allows for heightened organizational agility, and simultaneously increases collaboration across the ecosystem. Without such systems, visibility remains hazy, and organizations are apt to be slow to react to disruptions.” Of course, as collaboration increases so do the cybersecurity attack surfaces. Nevertheless, Kenney insists, “These modernization and integration plans can identify and stave off climate-related supply chain problems, as well as improve the response time to resolve disruptions along the way.”
Geopolitical Risks
During the height of the Covid-19 pandemic, there were numerous calls for decoupling supply chains from China. Calmer heads have since prevailed and the U.S. and Europe, along with many companies, are pursuing a de-risk rather decouple strategy. Lou Longo, a partner and international consulting practice leader with Plante Moran, observes, “Those companies that are the most agile, adaptable and quickest to take advantage of a regionally based product pipeline will come out on top. … To regionalize production, companies must take an overarching look at larger swaths of the globe. They need to analyze detailed information about the location of suppliers, customers and ship-to points. Only then can they determine the ideal location for sourcing — not just those that seem most convenient. To make the right decisions, they might find it beneficial to tap an outside perspective, one that can help them understand how products move, and ask questions from an unbiased perspective. The best move isn’t necessarily to immediately exit China, which remains a vast and growing market. Instead, manufacturers need to scale back and look into other regional opportunities that can bolster production and selling power.”[7]
Supplier/Third Party Risks
Andrew Black, a Principal at consultancy Efficio, reports, “So far, organizations have typically focused on monitoring the financial risks of their suppliers because this is the easiest to assess from the outside. As the potential risks multiply, organizations will need to do two additional things. First, get access to better, but harder-to-find data (for example, the environmental impact of a supplier operating in another country). Second, set up a system of collaboration with your suppliers, either in the form of contractual KPIs or informal information sharing.”[8] He admits these efforts can be “costly and time-consuming.” Nevertheless, he insists, “Having access to such information is becoming increasingly important as organizations seek to prove that their supply chains are ‘green’ or free of unethical labor practices.” Because gathering the right data is difficult, he suggests companies assemble a dedicated risk monitoring team. He concludes, “Ultimately, risk monitoring is only as good as the data that drives it.” “Finally,” Black notes, “it is important to recognize that third-party risk management is multi-functional. Financial risks will need input and action from the finance function, cyber risks from the IT function, and reputational risks from across the business.”
Concluding Thoughts
Best-selling author Seth Godin insists, “Flexibility in the face of change is where resilience comes from.” That’s why most supply chain consultants encourage companies to develop agile supply chains. There will never be a better time to do so than now. Becoming more agile also means becoming more digital in today’s connected environment. And becoming more digital means that leveraging artificial intelligence solutions, like the Enterra Supply Chain Intelligence System™, is becoming essential. Kenney insists, “Enterprises seeking agility and insulation from disruption must act now to enhance control as they undertake the digital transformation journey. Fallout from climate change [and other risk areas] isn’t going to wait, and the supply chain won’t be spared, so the tools needed to meet the moment must be sharpened now.”
Footnotes
[1] Staff, “12 Steps to a Resilient Enterprise: Part 1 of 4,” Logility Blog, 17 December 2020.
[2] Adam Tooze, “Welcome to the world of the polycrisis,” Financial Times, 28 October 2022.
[3] Matt Gunn, “Supply Chain Risks Come from All Sides,” IndustryWeek, 17 October 2018.
[4] Staff, “12 Steps to a Resilient Enterprise: Part 2 of 4,” Logility Blog, 20 January 2021.
[5] Gary Stevens, “How to Protect Against the Four Largest Cybersecurity Threats to Your Supply Chain,” Tripwire Blog, 19 June 2023.
[6] Frank Kenney, “Ensuring Supply Chain Success in the Face of Climate Change,” SupplyChainBrain, 22 November 2022.
[7] Lou Longo, “New Strategies for De-Risking Global Supply Chains,” SupplyChainBrain, 13 April 2023.
[8] Andrew Black, “Why third-party risk management is now a business essential,” Consultancy.uk, 1 November 2022.
