Extended supply chains can cause problems for even the most sophisticated cyber security as many businesses have discovered to their cost.

Speaking at the FERMA Forum in Berlin, two risk management experts will explain how organisations can make sure that their supply chains do not leave them vulnerable to cyber criminals.

Strategic Risk cauht up with them ahead of the workshop to get the inside scoop

Strategic Risk: How are supply chains being digitalised and is there a trend towards a digitalised future in supply chain management?  

Tiago Dias, cyber risk consultant for Europe, Middle East and Africa at FM Global: Across many sectors, companies are certainly seeking to digitise their supply chains, in order to become more efficient, and create a competitive advantage.

cyber cover

This clearly is part of the process of the Fourth Industrial Revolution, where businesses embrace technologies such as the Internet of Things, automation, data analytics and artificial intelligence, to improve performance, customer satisfaction and ultimately, profitability.

Eva Perez, corporate risk & insurance manager at Transfesa: Logistics supply chains are trending towards be digitalised, but the main problems are the status where we are coming from and the costs of the investments.

What it is pretty clear, is that if companies do not make investments or actions on this issue, they will never be adapted to an uncertain and changing world and the companies will disappear, maybe not now but in the future.

SR: What risk trends will you be highlighting during your supply chain workshop? 

Dias: Within the workshop, I will be discussing the importance of risk evaluation and associated mitigation. Specifically, I will be discussing the importance of supply chain managers and risk managers understanding the risks they could be importing as new technologies and greater connectivity are utilised in the pursuit of efficiency.

Perez: The most complex matter is getting the mix of operational risk with sufficient support at the technological / digital level and processes from all areas of the organisations enough aligned.

We push data control, through systems and tools implemented in the assets and coordination with suppliers and customers. The message could be “together we win all”

SR: Talk me through the increased cyber vulnerabilities associated with a digitalised supply chain?

Dias: As is often the case with the Internet of Things, the greater the number of devices which are connected, the greater the likelihood that a hostile actor can compromise a system due to the different software being adopted and with it, different vulnerabilities, either to steal data, damage property, or cause havoc generally.

When looking at supply chains specifically, the potential for hostile actors to cause damage, whether to the primary business or to a supplier can be significant, given cyber-security standards across businesses and regions can vary so significantly – a well-protected business could still suffer significant business interruption, when a supplier is unable to operate as a result of inadequate cyber-security procedures.

Perez: The most important thing is to be pretty sure that the companies are well defended, but if our partners, clients and providers are not in the same status as us then nothing will work.

SR: Why are these risks difficult to manage?

Dias: These risks are difficult to manage for the same reason that cyber risk generally is difficult; the tactics used by hostile actors are constantly changing and evolving and so are corporate environments, with risk management programmes required to evolve at the same rate. Given the sheer number of threats major companies face across the world, it is no surprise that protecting digitised supply chains can be challenging.

Perez: These risks are always changing, this is the highest difficulty and it is not like a fire where you can see where it starts and where it finished because everything is burnt, with these risks when you have the problem usually the damages are very high.

SR: How can risk manager optimise the risk management of digital-related supply chain threats?

Dias: As with most risks that risk managers face, clear, up-to-date, and accurate information is vital. Artificial Intelligence will become imperative supporting Risk Managers in decision making. Audits of supply chains can highlight “pinch points” where a loss would be disastrous. Risk managers can then find alternative back-up suppliers, or introduce contingency plans to reduce the risks that their business faces.

Perez: Risk managers must optimise the supply chain with risk analysis including contracts, operative, procedures, financial, RRHH, etc.. and align all of it by carrying out the same actions in the companies of providers and customers .

You can have the best safety product but if you do not make the other parts have the same then you are lost!