This is the third in a series of blogs in which I review how the supply chain trends we picked out at the start of the year have played out. This week, I’ll be looking at cyber-security. This is a bit trickier than the others to assess as businesses tend not to shout too loudly about developments (or lack of them) in their cyber-security strategy, but a lack of exposure is certainly not an indication of a diminished threat!
Cyber-attacks can be among the most disruptive events a supply chain can face. We saw just how damaging they can be in 2017, with several FMCG businesses suffering severe damage as a result of attacks. The 2018 Global Threat Intelligence Report highlights the threat. The report, which categorises supply chain as part of the wider business and professional services sector, suggests it is now the third most attacked sector globally1.
Source: 1,2 2018 Global Threat Intelligence Report, NTT Security
A shape-shifting threat
One of the most challenging aspects of cybersecurity is that threats are continuously evolving. At the same time, the size of the target is growing. We said at the start of the year, that digitised “things” are windows into businesses. This remains the case with more sensor-based technologies being incorporated into supply chain operations all the time – these are particularly challenging to secure.
So, the sphere of things to protect is growing (massively) and the threat is becoming more sophisticated, but according to the 2018 Global State of Information Security Survey, only 34% say their organisations plan to assess Internet of Things (IoT) security risks across the business ecosystem. This is a telling statistic, particularly given that as an industry, we are more and more digitally driven, and we’re locked into this trajectory.
It’s fair to say that so far in 2018, we haven’t seen attacks on the same scale as those that impacted the industry last year. Perhaps businesses have been sparked into life, the truth is, we don’t really know. What we can say with confidence is the cyber threat will continue grow, both in terms of the likelihood of an attack and severity of impact.
What can we do about it?
Our Supply Chains for Growth research identified skill in applying disruptive technology as a feature of supply chain organisations that are set up to deliver strategic competitive advantage. It also identified the need for transparency and trust to be at the heart of supply chain strategy.
Skill in applying disruptive technology includes an ability to assess technology in its totality, including how it fits into the cybersecurity strategy.
In these hyper-competitive times, investing in “back of house” capability that doesn’t directly add to the customer proposition, at least in marketable way, isn’t the number one priority for many. But increasing the capability and expertise of people to make the most of the new tech extends beyond everyday users – to those responsible for making sure that technology doesn’t introduce unacceptable threats. This means training or acquiring the necessary skills.
When viewed through lens of the second feature I called out, Transparency and trust, the importance of cybersecurity takes on new meaning. It will be crucial for establishing the partnerships, that will be so vital to addressing the many challenges facing the industry. In the digital world, the boundaries between businesses are blurred, with more data sharing and third-party hosting set to become the norm. To thrive, partnerships must be seen to add value; they certainly cannot introduce risk.
Source: Supply Chains for Growth, IGD, 2018
Transparency and trust extend to consumers, and how they perceive the businesses they interact with will influence success. The introduction of GDPR is just one example of the changing standards. While this is mandated change, many initiatives will be a result of choices. Leading businesses will increasingly put transparency and trust at the heart of their business strategy, with those who lag behind conspicuous by their lower standards.
While cybersecurity was called out as a key trend, this year we’ve also looked at number of other threats facing the industry’s supply chains. Our three-report series on the Vulnerabilities in the Global Supply chain looked at geopolitics, the environment and resources and setting up for disruption. We explored chokepoints, protectionism and changes to trading blocs, as well as weather and climate, disasters and resource scarcity. We also called out decisions businesses must take to set up to deal with disruption.
Self-disrupt and evolve
Tom Moody, Managing Director Northern Europe P&G called out the “curse of the incumbent” at last month’s Supply Chain Summit, identifying the need to disrupt yourself. In my opinion, cybersecurity should be high on this list of ways food and grocery businesses do this.
Resilience, backed up by contingency and continuity plans might not be glamorous, but these are essential in today’s complex, global supply chains. Technology, in particular, is resetting customer expectations and behaviour, and a cybersecure supply chain will be a prerequisite for the consistent delivery of ambitious customer promises.