Leveraging Risks Make for a Safer Supply Chain

Supply & Demand Chain Executive spoke with riskmethods' general manager Bill DeMartino on how leveraging real-time risk alerts can help organizations understand how to mitigate threats on the spot.

Cyber Security Cybersecurity Device 60504

Earlier this year we saw an slew of cyberattacks and threats, and it made one thing true: every supply chain is susceptible to risk. It is crucial to have alerts in place to help mitigate risks, but many companies are still holding off.

Supply & Demand Chain Executive spoke with riskmethods' general manager Bill DeMartino on how leveraging real-time risk alerts can help organizations understand how to mitigate threats on the spot. 

SDCE: Why is it important to leverage real-time risk alerts within supply chains?

DeMartino: Today, enterprises must move quicker to sense and respond to their customers and market conditions. If your risk management operates based upon information collected periodically, the enterprise is making decisions based upon dated information. Without technology enabled by artificial intelligence, you are left with a job that is insurmountable. You simply can’t read every news source in the world, every day, to make sure there aren’t any looming events that are going to disrupt your supply chain. Therefore, organizations that rely solely on manpower to identify risk are not staying on top of it all. More people on the team and services like Google Alerts can help, but still don’t provide the supply chain visibility necessary to proactively mitigate emerging threats.

Even relying on suppliers to alert you of an issue is not a sound strategy. Say there’s been a major fire at an oil refinery that’s part of your supply chain. Assuming they will immediately call you to tell you about the issue is wishful thinking. But with digital technology like artificial intelligence and machine learning in place, you can receive real-time risk alerts that will let you know about the fire as soon as it happens, allowing you to make moves that will keep the business intact. For example, this alert will allow you to purchase what you need from an alternate supplier – before the rest of the market tries to do the same. Fast action and digital technologies are key to a good risk management strategy. Without real-time risk alerts, companies are either left in the dark completely or stuck well behind the curve.

SDCE: In what ways can companies mitigate threats on the spot? What are some results that you have seen?

DeMartino: In order to be able to successfully mitigate threats on the spot, organizations must have a complete risk management strategy in place. This means first being able to properly identify potential threats and then having the ability to assess the impact of potential risk scenarios. Then comes risk mitigation. In order to effectively mitigate risk on the spot, an organization must have mitigation plans in place, before disaster strikes. It’s also critically important for organizations to work with their suppliers to ensure they also have a plan in place and are familiar with that plan, so organizations and their suppliers are able to collaboratively enact their plans and respond to a threat.

Chemical company Stockmeier Group, for example, was able to act fast when riskmethods alerted their organization to a fire at its supplier’s facility 30 hours before the supplier did. The company was then able to find an alternative source before market prices increased, saving a whopping $300,000 – not to mention the time, effort and angst it would have taken to lock-in this alternate source of supply once all  their competitors caught-up.

SDCE: Why do you think some industries, such as manufacturing, are more prone to risks/cyber attacks than others?

DeMartino: All organizations are susceptible to risk, but in industries like manufacturing where organizations rely on well-oiled supply chains and large supplier networks to produce and distribute their products to customers, risk is even more imminent because there are more factors at play. There’s always the possibility that a supplier will face a financial risk, where a supplier encounters a business scenario that threatens their financial health; a reputational risk, where a supplier engages in activity that negatively affects an organization’s brand reputation; natural disaster risk, where the supply chain is disrupted by a hurricane, earthquake or other natural disaster; or a cyber risk, where a business is harmed by a supplier’s use of technology – to name a few. Cyber threats can be especially challenging, given that these risks can come in many forms and manufacturers need to be aware that these potential threats can enter the supply chain at any point, impacting both operations as well as the products they make and sell.

SDCE: What are some proactive measures companies can take to prevent threats in their supply chain?

DeMartino: It’s important for organizations to recognize the value of making risk-aware decisions. Not all risks should be viewed as threats, but rather opportunities to drive competitive advantage. With the right data and by leveraging risk impact scores, organizations can consider both the upsides and downsides of a potential risk, driving better decision making.

Although it’s impossible to completely eliminate supply chain threats, there are definitely steps that companies can take to be more proactive about them. With the right combination of AI-powered technology and risk mitigation action plans, it’s possible to get predictive insights that indicate a risk event might occur, and then make moves to avoid that risk before it does. Say, for example, you get multiple alerts about a major supplier going through ownership changes or C-level shakeups—this is often an indicator that some financial trouble is afoot. With advance warning, you can make sure that you have an action plan established if this supplier does go down—or even switch to another supplier before anything actually happens.

SDCE: Do you believe companies will begin to improve their risk mitigation before a problem occurs if they see another big-name company get affected?

DeMartino: In theory, yes. But we have seen examples of big brands being affected by emerging threats like supplier shutdowns, natural disasters, compliance issues and brand reputation scandals play out in the media daily – recently the prevalence of child labor issues in global supply chains. And despite this, many organizations rely on manual, reactive approaches to managing risk. Unfortunately, it might take actually experiencing a threat themselves before organizations improve their risk mitigation strategies. Even if an organization isn’t forced to react to a major incident, other market forces will take over. For example, in the case of child labor within supply chains, regulations are growing, while consumers and governments are demanding visibility. Organizations might also experience competitive pressures from companies that have sound CSR processes in place, which are in high-demand from boards, investors and auditors. Soon enough, organizations will realize the importance of proactive risk management.

SDCE: What possible threat could consumers face if companies aren’t properly protected?

DeMartino: Possibly the most common impact of a supply chain disruption for consumers is price increases followed by the lack of product availability. For example, if an automobile manufacturer relies on just one supplier to provide a particular part and that supplier shuts down due to insolvency, production of the cars could be halted and in turn, availability of that car will be limited. This can be simply inconvenient—but depending on the product, it can also be life-threatening. For example, companies that deliver medical technology or safety equipment could cause a direct threat to consumers if their product delivery is delayed or halted by a supply chain disruption.