Supply chains are in flux as companies continue to look for the right balance between offshoring and near-shoring and seek ways to streamline operations. Supply chains are also being buffeted by global forces ranging from climate change to demographic shifts and increased urbanization. Together these changes have introduced new security vulnerabilities, including fraud, counterfeiting, piracy, political instability, natural disasters, product diversion and part/ingredient adulteration. When a security incident does occur, it drives up costs by compromising sources of supply, interfering with production and delivery, and damaging a company's reputation. It is therefore not surprising that there is a direct correlation between proactive risk management and a company's stock price.

Assessing security risk is a huge undertaking, given the complexity of today's global supply chains. Companies need to have a detailed understanding not just of their suppliers and their potential vulnerabilities, but also those of their suppliers' suppliers. For example, without knowing who is supplying its suppliers, a company may have difficulty tracing the source of counterfeit components that end up in its products. Or, the supplier of a particular raw ingredient may be based in a country that has been experiencing an uptick in geopolitical uncertainty – indicating a need for an alternative source. For these reasons, transparency into the supply chain is essential.

Often, managing security risk involves evaluating a set of risk choices: management gauges the company's risk exposure and then decides how to reduce it to an acceptable level. While Big Data tools can help companies quantify risk exposure, many companies fail to merge that information with supply chain data to truly understand the cost or revenue impact. By translating security risks into fact-based probabilities and quantifiable financial impacts, supply chain executives can incorporate this information into everyday decision-making, to determine the right mix of resources, investments and effort required to manage the risk.

Finally, it is important for companies to build risk management into their performance reward systems. If organizations only reward employees based on revenue generation or cost savings, then risk will never become a supply chain consideration. The same method of evaluation applies to supply chain partners. When companies include total cost or risk-associated cost in the handful of metrics that matter, they are far better equipped to understand risk events when they do occur. 

                                                          The Outlook

Supply chain evolution will likely remain a constantly moving, complex web. Effectively managing security risks can hinge on removing the guess work – knowing what the network looks like, quantifying the risks, and linking rewards to measurable risk-mitigation behaviors. How are you measuring supply chain security risk? Is your data giving you the insight and actionable information you need?

© 2015 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.