Third-party supply chain risk  

Written by Mike Seddon 

I’ve had several conversations lately about third-party suppliers and supply chain risks, primarily focused on cybersecurity.  

However, this past weekend’s severe weather (snow in the south, high winds and heavy rain elsewhere) prompted me to think more broadly about other factors affecting supply chain risk.  

Disruption, potentially a larger risk for many businesses, can stem from a cyber incident, a weather event, or even geopolitical issues (of which there are quite a few happening right now).  

How we respond to each risk may vary greatly, so I thought it important to help those who are just coming to grips with the complex, interrelated nature of supply chain risk management.  

Understanding supply chain risk 

Supply chain risk refers to the potential problems that can disrupt the flow of goods and services from suppliers to customers. These risks can stem from various sources, such as natural disasters, geopolitical events, or cyber-attacks, each of which may result in financial loss or harm the company’s reputation. 

Key risk factors 

Natural disasters 

Earthquakes, floods, and other natural events can halt production or transportation. Local weather disruptions are easy to understand when they affect the local power or telecommunications company. If the power goes out or the internet goes down, your customers will understand and may be affected by the outages themselves, but they may be less forgiving if you don’t have a response plan for events that happen elsewhere in the world. 

Geopolitical instability 

Trade wars, sanctions, and other political issues can affect the availability and cost of goods. Sanctions between the US and China affecting the telecommunications sector have played out publicly over recent years, but these types of events are often less visible yet still have far-reaching effects on global supply chains. 

Cyber-attacks 

Hackers might target the supply chain to steal sensitive data or disrupt operations. 

It feels like a week doesn’t go by without another huge theft of personal data, ransomware event or denial of service against high profile organisations. An increasing number of these malicious acts are carried out by exploiting suppliers rather than going after the victims directly. Below are two public examples: 


Mitigation strategies 

Due diligence 

It starts here! Assess the criticality of the supplier to your business and establish the controls to safeguard against potential risks. This process includes checking references, reviewing customer feedback, visiting their facilities, and ensuring they hold necessary certifications. It also involves drafting clear contracts and setting up regular performance reviews. 

Ongoing supplier management 

Suppliers are critical to your business, so it’s not a "set and forget" situation. Continuously monitor for new risks and assess the effectiveness of mitigation strategies. Regular updates and reviews ensure supplier performance meets expectations and plans remain relevant. 

Response planning 

Develop and regularly update business continuity and disaster recovery plans to handle potential disruptions. Ensure these plans are exercised so everyone knows their roles, including your suppliers if they are part of the response. 

Diversification 

Minimise reliance on a single supplier by engaging multiple suppliers or establishing contingency plans for alternate suppliers, to mitigate issues related to pricing or availability. 

This is a complex and fascinating topic and much of what I’ve touched on is worthy of a deeper dive. 

Expect more from me on this topic! 

Please connect or contact me via LinkedIn – Mike Seddon. 
