Home' MHD Supply Chain Solutions : MHD Mar-Apl 2016 Contents Conclusion
In its seven editions, the BCI Supply Chain
Resilience Report has tracked the origins,
causes and impacts of supply chain disruption.
This report also demonstrates the integral role
of supply chains in organisational resilience.
Benchmarking supply chain behaviours
is a crucial first step for organisations in
determining the fitness for purpose of their
BC arrangements and introducing further
improvements that impact resilience. The
following summarises a few of the insights
uncovered in this year’s research.
1. The reliance on technology in managing
complex, global supply chains has influenced its
overall risk profile as shown by growing evidence
of non-physical causes of disruption.
Unplanned IT and telecommunications
outages, cyber attacks and data breaches
remain the top causes of disruption and is seen
as significant risks ahead. Incidents of non-
physical disruptions continue to grow which
should prompt organisations to assess their
resilience in this space.
2. Implementing supply chain BC enables
good practice and creates a virtuous cycle of
behaviours leading to greater resilience.
Findings reveal that organisations with
supply chain BC are more likely to engage in
behaviours that increase visibility, mitigate the
impact of losses, and exhibit top management
commitment essential to resilience. This
underscores the value of BC as an important
‘protective discipline’ and it’s contribution
towards supply chain resilience.
3. Leadership is an essential driver of supply
chain resilience. Results show that high levels
of top management commitment to supply
chain resilience are more likely to encourage
good practice across the organisation. It is
a key challenge for BC and supply chain
practitioners to engage their top management
in order to leverage their efforts in building
supply chain resilience.
4. Supply chain visibility remains one of the
biggest challenges to resilience. The data shows
the complex nature of supply chains, with many
organisations relying on a growing number of
key suppliers. Disruptions continue to occur at
lower levels that may induce severe knock-on
effects to organisations at the end of the supply
chains. It is therefore important for organisations
to focus on reporting disruption firm-wide and
increase supplier visibility.
Organisations cite the benefits of supply
chain resilience, which include raised
staff morale, greater preparedness against
disruption, improved corporate reputation,
and lower recovery costs. These ultimately
benefit an organisation’s bottom line, making it
imperative for practitioners to engage their top
management and demonstrate how improved
supply chain resilience can increase competitive
advantage. As such, studies like these are
important tools in making that business case
and leading organisations towards greater
investment in this area.
5. Assurance and validation are integral parts
of supply chain BC. Organisations are encouraged
to close gaps in supply chain resilience by
engaging with their suppliers. There should be
a clear effort in maintaining a robust system
of assurance and ensuring that suppliers’ BC
arrangements are validated. BC must be a part of
the conversation between organisations and their
suppliers from tender onwards, building it as a
key part of the business relationship.
This article has been prepared with the
kind permission of the Business Continuity
Institute (BCI). Founded in 1994 with the
aim of promoting a more resilient world,
the BCI has established itself as the world’s
leading Institute for business continuity and
resilience. The BCI has over 8,000 members
in more than 100 countries, working in an
estimated 3,000 organisations.
The BCI welcomes everyone with an interest
in building resilient organisations. Further
information about the BCI is available at
CASE STUDY: CYBER ATTACK IN THE SUPPLY CHAIN
In September 2014 Home Depot, by far
the largest home improvement firm in North
America, suffered a major cyber-attack that
involved the violation of 56 million debit and
credit cards, as well as of 90 million customer
accounts. Over 2,000 stores were affected in
both the United States and Canada, forcing
the company to pay roughly $62 million in
terms of legal expenses and overtime, and
banks to make up for an additional $92
million cost to replace the credit cards at risk.
The data breach occurred following the
successful theft, by hackers, of a third-
party vendor’s identity along the company’s
supply chain. The attackers exploited
weak links in the chain to hijack their
credentials, which they used to access
and navigate within Home Depot’s online
system, as this was symbiotically shared
with its suppliers. Once in the network,
cybercriminals were able to deliver
malicious software all the way up to the
endpoint of the chain, Home Depot itself.
They infected self-checkout points in every
store in North America, copying credit card
numbers and customers’ details for over four
months without giving any sort of suspicion.
Apparently, gaps in the encryption systems
as well as the use of old software turned the
damage into a disaster, but the source of the
attack did lie in a supply chain weakness.
The size and dynamicity of today’s supply
systems have come to require higher and
more appropriate cyber security standards,
where companies need to consider their
partners' safety measures as their own, since
today a firm’s security extends to each and
every member of its chain, as a peripheral
weak link could easily affect its vital core.
CASE STUDY: DEMONSTRATING SUPPLY CHAIN RESILIENCE
A large information security services
organisation based in the United States, has
distinguished itself due to the performance
of its supply chain. The firm reported zero
disruptions in the previous 12 months, and
was ranked eighth among the firms with the
most resilient supply chains in the world.
The impact of technology and supplier
data analysis has been significant in terms
of mapping different players along the
chain, but what seems to have really made
the difference for the organisation is the
adoption of the best practices in the field.
Relations with suppliers have been
extended beyond Tier 1 or 2, with the firm
monitoring over 900 organisations in order
to minimise the risks of an attack to a
weak link. Business continuity plans are a
core requirement for its suppliers, who are
regularly tested and evaluated in order to be
ready in the case of a disruption. Meanwhile,
activities recognising good performance,
such as sustainability awards, proactively
encourage suppliers to improve each other’s
business safety. The organisation also
considers standards to be pivotal in building
supply chain resilience as it plans to adopt
ISO 22301 in the near future.
What emerges from this organisation’s
case is that while technology might be
a very useful means, it is a company’s
attitude and ability to embed good practice
that make the difference in building supply
MHD SUPPLY CHAIN SOLUTIONS — MARCH / APRIL 2016
SUPPLY CHAIN 47
Links Archive MHD Jan-Feb 2016 MHD May-Jun 2016 Navigation Previous Page Next Page