This document discusses developing contingency plans to avoid supply chain disruptions from security breaches. It identifies typical supply chain risks such as natural disasters, cyber attacks, cargo theft, and geopolitical instability. The document examines causes of past disruptions and outlines strategies to mitigate risks like conducting threat assessments, identifying core business functions, analyzing impacts, and implementing prevention measures. Developing contingency plans can help companies effectively protect their supply chains and realize benefits like decreased losses, improved continuity, and competitive advantages over rivals.
3. The road to globalisation – and greater risk
World Economic Forum Study 2012, Insurance News; Deloitte 2012 Risk Management Report; BCI Supply Chain Resilience Survey 2011; Ruud Bosman (2006) - The New Supply Chain Challenge: Risk Management in a Global Economy, Factor Mutual Insurance
“Despite the known dangers and costs of supply chain disruptions, only 21% of companies assess value and supply chain risk continuously.”
4. Increasing complexity and fragility
Adapted from G. Linden, K.L. Kraemer, and J. Dedrick (2009), “Who Captures Value in a Global Innovation Network? The Case of Apple’s iPod”, Communications of the ACM, March 2009, Vol. 52, No. 3, pp. 140-144; World Economic Forum Global Risks 2015.
[Figure: chart with legend entries Apple (Margin), Distribution and Retail, Major Components, Other Inputs, Japan (Margin), USA (Margin), Taiwan (Margin), Korea (Margin); data labels $80, $75, $85, $19, $27, $7, $5, $1, $40.]
5. The Chief Supply Chain Officer agenda
Top 5
Cost Containment: 55%
Customer Intimacy: 56%
Visibility: 70%
Globalisation: 43%
Risk: 60%
IBM, The Smarter Supply Chain of the Future - Insights from the Global Chief Supply Chain Officer Study 2010
10. Only 9 cyber attack patterns to consider
Nine patterns classify almost all of the attacks and cover 92% of over 100,000 incidents
Payment card skimmers: 0,1%
Point of sale intrusions: 0,7%
Cyber espionage: 0,8%
Denial of service attacks: 3,9%
Web app attacks: 4,1%
Physical theft and loss: 15,3%
Insider and privilege misuse: 20,6%
Crimeware: 25,1%
Miscellaneous errors: 29,4%
Verizon 2015 Data Breach Investigations Report
11. Cyber attacks are physical
of insider and privilege misuse attacks used the corporate LAN.
of theft / loss happened at work.
of miscellaneous errors involved printed documents.
Verizon 2015 Data Breach Investigations Report
12. Typical cyber attack incidents for transport & logistics
Transportation: 24% / 16% / 16% (Cyber-espionage / Insider and privilege misuse / Web app attacks)
of the incidents in an industry can be described by just three of the nine patterns.
WEB APP ATTACKS
When attackers use stolen credentials or exploit vulnerabilities in web applications — such as content management systems (CMS) or e-commerce platforms.
INSIDER AND PRIVILEGE MISUSE
This is mainly insider misuse, but outsiders (due to collusion) and partners (because they are granted privileges) show up as well. Potential culprits come from every level of the business, from the frontline to the boardroom.
CYBER-ESPIONAGE
When state-affiliated actors breach an organization, often via targeted phishing attacks, and are after intellectual property.
Verizon 2015 Data Breach Investigations Report
13. Look inside your company
[Chart: Likely sources of incidents, comparing All industries in all regions with Transportation & Logistics; horizontal axis 0% to 40%. Categories: Unknown; Domestic intelligence service; Foreign nation-states; Competitors; Activists / activist organisations / hacktivist; Organised crime; Hackers; Suppliers / business partners; Former service providers / consultants / contractors; Current service providers / consultants / contractors; Former employees; Current employees.]
PWC Global State of Information Security Survey 2015
14. Screening and vetting is business critical
[Chart: Security safeguards in place, comparing All industries in all regions with Transportation & Logistics; horizontal axis 0% to 80%. Categories listed below.]
Conduct personnel background checks
Require 3rd parties to comply with our privacy policies
Employee security awareness training programme
Privileged user access
Secure access-control measures
Accurate inventory of where personal data for employees and customers are collected, transmitted…
Employ Chief Information Security Officer in charge of security
Information security strategy that is aligned to the specific needs of the business
PWC Global State of Information Security Survey 2015
23. Consequences of supply chain disruptions
[Chart: horizontal axis 0 to 70. Categories: Share price fall; Product recall/withdrawal; Fine by regulator; Payment of service credits; Increase in regulatory scrutiny; Loss of regular customers; Product release delay; Stakeholder/shareholder concern; Delayed cash flows; Damage to brand reputation; Service outcome impaired; Customer complaints received; Loss of revenue; Increased cost of working; Loss of productivity.]
BCI Supply Chain Resilience Survey 2014
26. Contingency planning
Step 1: Conduct a Threat Assessment. What can go wrong? What are the exposures to the supply chain?
Step 2: Identify and Review Core Business Functions. Look for your Achilles' heel.
Step 3: Conduct a Business Impact Analysis. What can the combination of Step #1 and #2 do to your business?
Step 4: Apply Prevention and Mitigation Measures. Have a well-thought-out plan.
Step 5: Implement Tests and Maintain the Plan. Test the plan!
27. Risk mitigation strategies
Research, analysis, training, and guidance to support your company through supply chain security efforts such as TAPA, C-TPAT or AEO Review and Support, Security Criteria Gap Analysis, Financial Risk Exposure Review, and Continual Improvement Support.
Utilising business continuity management standards such as ISO 22301:2012.
Utilising comprehensive supply chain security intelligence resources, including trade and compliance intelligence, global supply chain security risk data and analysis.
Supplier oversight and cargo custody controls.
Using real-time trade interruption updates and reports on major disruption incidents, countermeasure programs, and risk mitigation best practices. Country-specific reports on Supply Chain Terrorism, Cargo Disruption, Business and Political Climate, Population and Culture, Economy and Trade, Transportation Infrastructure, General Governance, Export Control Governance, Employer Security Practices, and Customs-Trade Supply Chain Security Programs.
Thorough vetting of your supply chain and participating firms’ supplier base.
Automating the supplier risk assessments for Anti-Western terrorism and cargo disruption data.
Modelling the risk of global cargo tampering data and terrorism.
29. Benefits to you
Effectively protect and manage your supply chains with the ability to productively respond to stresses
Decreased losses and lower associated production costs
Improved business continuity via a more robust, resilient, and responsive supply chain
Greater end-to-end transparency for improved process management and efficiency
Competitive advantages over industry rivals when supply chain risks arise
Brand Protection