Cybersecurity: Is It A Priority In Your Supply Chain?

I first wrote about the cyber threat to supply chains almost 7 years ago in “The Hackers Inside Your Supply Chain.” Two years later, in “The Day A Cyber Attack Brings The World’s Supply Chains To A Halt,” I wrote:

The threat of cyber attacks has only intensified since [2014], and as our supply chain networks and processes become more dependent on software, GPS, and other technologies, the risk for a cyber attack on supply chains will only continue to grow.

Then came the ransomware virus called WannaCry in 2017, which caused significant disruptions around the world (over 200,000 organizations affected in more than 150 countries).

And the list goes on, with the most recent example happening this week. As reported in The New York Times:

[Colonial Pipeline], one of the nation’s largest pipelines, which carries refined gasoline and jet fuel from Texas up the East Coast to New York, was forced to shut down after being hit by ransomware in a vivid demonstration of the vulnerability of energy infrastructure to cyberattacks.

In light of all these cyber attacks, is ensuring cybersecurity across your supply chain a high or low priority for your supply chain organization?

We asked our Indago members that question back in January 2021. Almost three quarters of our member respondents said that ensuring cybersecurity across their supply chains is a “High” (47%) or “Very High” (26%) priority for their organization. Only 5% said that it was a “Low” priority.

Source: Indago, January 2021 (n=19)

When it comes to assessing cybersecurity vulnerabilities, the respondents said that “Third Party Logistics Providers” were the most difficult to assess (79%), followed by “Tier 2/3 Suppliers” (42%).

Is cybersecurity an IT responsibility or must the supply chain organization play a leading role too? 

“In my organization, our corporate IT entity leads cybersecurity, and with a pretty heavy hand, I must add,” said one respondent. “At times it prevents the supply chain organization from implementing needed solutions because of the scrutiny. The biggest challenge has been alignment between supply chain and IT/cybersecurity around solutions that meet business needs and offer the right balance of security.”

Others, like this respondent, looked at it more broadly: “With how much is at stake, every employee in the organization plays a part in cybersecurity.”

Here are some other value-added comments from our Indago members, who are all supply chain and logistics professionals from manufacturing, retail, and distribution companies:

“Cybersecurity is a partnership between Supply Chain and IT; however, it is owned by IT. The biggest challenges are related to a lack of visibility and understanding of the capabilities and risks of integrated suppliers and customers.”

“We have had recent third-party breaches. It is challenging as we still have freight moving with these providers and also would like to utilize their capacity. The challenge is shutting them off electronically and losing the communication we have grown to rely on.”

“Supply Chain cybersecurity is a huge vulnerability for supply chain professionals because most of the software we use is SaaS [software-as-a-service] and the expectation is that the software provider is handling the safeguarding of our data. Assumptions often lead to vulnerabilities, which reinforces the goal that IT and Supply Chain professionals should work more closely together.”

“It is IT’s responsibility to assess, but SRM/Procurement’s responsibility to execute/manage LSP [logistics service provider] cybersecurity. Biggest challenge: ensure LSPs maintain proper levels of security without making contractual requirements so restrictive that LSPs do not want to work with you.”

Is ensuring cybersecurity across your supply chain a priority for your supply chain organization? Is this primarily an IT responsibility or must the supply chain organization play a leading role too? What are the biggest challenges? Post a comment and share your perspective!

Join Indago

If you’re a supply chain or logistics practitioner from a manufacturing, retail, or distribution company, I encourage you to learn more about Indago and join our research community. It is confidential, there is no cost to join, and the time commitment is minimal (2-5 minutes per week) — plus your participation will help support charitable causes like JDRF, American Logistics Aid Network, American Cancer Society, Feeding America, and Make-A-Wish.

You can also follow us on LinkedIn to stay informed of our latest research results and news.