To Achieve Supply Chain Resilience…Shift Your Focus from Cost to Risk Management

supply-chain-resilience

It wasn’t long ago that companies could keep watch on their component costs without having to give undue attention to supply chain logistics. All of that changed with the supply shortages and delays created by the arrival, in rapid succession, of the COVID-19 pandemic, climate-related events, and the Russian invasion of Ukraine, all of which highlighted the fragility of supply chains.

These disruptions have made it clear that supply chain risk management strategy must now be top of mind. As a recent article in the Harvard Business Review (HBR) put it, “As managers navigate this dynamic, they need to think beyond product costs and supplier choices.”

Some areas of supply chain risk that managers should address include:

  • Economic: Issues related to supplier health at every tier in the supply chain, including supplier bankruptcy or manufacturing stoppages
  • Geopolitical: The effects of international conflicts, such as U.S.-China trade issues and the war in Ukraine
  • Environmental: Issues related to natural disasters or sustainability, such as societal demand to reduce greenhouse gas emissions
  • Cybersecurity: Protecting against cyber threats to supply chain management

While many manufacturers previously approached their suppliers focused mainly on price, today they must develop a more strategic approach to achieve resilience, flexibility, and sustainability, said HBR. By focusing on supply chain risks, managers can learn to stabilize supply chain disruptions in the near term while developing structural resilience in the long term.

To do this, companies must have strategies that allow them to assess the risk of their suppliers, as well as to mitigate those risks, noted business benchmarking site Brainyard. Managers need to know what’s happening not only with their Tier 1 suppliers—the suppliers they work with directly—but also the Tier 2 and 3 suppliers further up the chain.

“Once an organization has assessed the risk of its supply chain partners, the best way to build resilience is to diversify its supplier base,” reported Brainyard. “That means finding redundant suppliers for key parts and materials that are located in different parts of the world so, for instance, a hurricane in a certain region doesn’t halt all shipments of a crucial material. It could also mean finding partners closer to home—maybe not in the same country but on the same continent.”

Diversifying the supplier base and keeping safety stocks on hand are costs that may be more expensive or hard to justify, but can be important for building structural resilience, risk management professionals at McKinsey & Company wrote recently.

Other actions that can be critical to building resilient supply chains include “creating a nerve center for the supply chain, simulating and planning for extreme disruptions, and reevaluating just-in-time strategies,” the McKinsey article noted.

With supply chain risks now firmly on the C-suite’s radar, leaders must not only create supply chain risk-reduction strategies, but also revisit and update them continually.

It’s only by taking steps to mitigate risk and find the best product options that you’ll achieve better business outcomes. Learn more about Dynamic’s portfolio of supply chain services designed to anticipate and mitigate internal and external risks.

Supply Chain Cybersecurity: The Ukrainian War Increases Your Company’s Risk

Supply Chain Cybersecurity: The Ukrainian War Increases Your Company’s Risk

The war in Ukraine has brought the issue of cybersecurity into the mainstream of public opinion, with increasing media coverage of actual and potential Russian cyberattacks on businesses and infrastructure—often, far from the fighting.

These threats are very real, but for many companies they are not entirely new. Supply chain cyberattack risks, in particular, have been growing for some time, especially for companies in life sciences and other industries with sophisticated supply chains. And they can come from states like Russia, or from criminals.

A sampling of recent articles sheds light on the threats. The digital technologies that have made supply chains more efficient and responsive also make them vulnerable to bad actors. “The level of automation in the pharmaceutical industry makes it a prime environment for attacks. These environments are complex, and they haven’t been built to defend against nation-state attacks,” one security expert recently told the Biospace news site. The growing connection of operational technology to the network is also a factor, because it means bad actors can not only steal or damage data, they can also disrupt production and operations.

The variety of partners typically involved also makes the supply chain an attractive target. That’s because it increases the number of potential entry points, and it also means that a single attack can quickly move through the network to affect numerous partners.

Recent events have made this even more of a problem, as COVID and Ukraine have disrupted supply chains and forced companies to quickly turn to new, and often unknown, suppliers. As one security expert recently told Supply Chain magazine, this is a problem for medical devices manufacturers, “because on-time production and delivery can be a question of life or death. Supply chain is already the weakest link in any organization, even at the best of times. But for complex medical devices, where there is a multi-layered supply chain of hardware and software? For them, changing suppliers, or adding to them, significantly increases the exposure to risk.”

In short, cybersecurity will be a key supply chain concern for years to come. As a recent Forbes article noted, “Cybercriminals will continue to capitalize on the world’s heavy reliance on supply chains, infiltrating entire chains and not just individual companies…. More than ever, cybersecurity vulnerabilities are showcasing how interconnected we all are—as well as the fragility of many of these connections.” As a result, the article explained, supply chain cybersecurity should be a board-level issue.

Staying on top of the threat will require a multipronged defense.

Companies need to continue to harden their information and operational technology landscapes, through everything from zero trust security and education to combat social engineering, to security assessments, improved vetting of suppliers, and the comprehensive inventory of supply-chain assets. At the same time, they should prepare for the real likelihood that there may be a cyberattack on their supply chain and build the resilience to get back up and running quickly in the event of a problem.