Unprecedented congestion, rising freight costs and limited availability of raw materials and key consumer goods have forced businesses this past year to think both proactively and reactively when it comes to risk management. An effective risk management program should be holistic — focusing on identifying deficits in supply chain management — as well as developing mitigation strategies that better position businesses to prevent service interruptions, control costs and maintain customer satisfaction. To better prepare an organization for the future, it is important to reflect on events in the past.

Perhaps no event in recent history has had a greater impact on the supply chain than the COVID-19 pandemic. With an export volume of more than $2 trillion, China’s exports are relied upon by much of the developed world. In the past, the majority of China’s export volume was in lower end consumer goods, but more recently China has taken a significant role as a primary producer of global commodities and sophisticated electronic and industrial components. From semiconductors to resins, active pharmaceutical ingredients to petroleum products, China is a critical node in the supply chain of almost every consumer product.

The COVID-19 pandemic impacted the global supply chain in a number of ways, including:

• Reductions in production capacity overseas due to government quarantines left many components in shorter supply.
• Overseas port capacity tightened because of quarantines and labor shortages.
• U.S. port capacity, already operating at its maximum after years of limited investment, became overtaxed and less efficient at moving product to final destinations.
• Increased consumer demand for foreign produced goods, such as home office equipment, clothing and furniture, further stressed global supply lines.

According to Drewry estimates, these issues drove up freight rates and transit times more than 100% and nearly 50% year-over-year, respectively, making it difficult for logistics professionals to meet customer needs. Those companies with logistics professionals that developed and implemented supply chain risk management strategies have likely experienced a limited impact in comparison to those without such processes in place. Business leaders should consider the following best practices to minimize disruption to its supply chain:

• Focus on primary and secondary suppliers, considering what impact they could have on the company’s ability to produce products.
• Have multiple suppliers, preferably in multiple geographic areas, as sources of critical raw materials and components.
• Maintain increased inventory on hand versus reliance on “just-in-time” methods.
• Manage customer expectations in respect to delivery schedules.

Cyberattacks 

Both the frequency and severity of cyberattacks — most notably ransomware attacks — have continued to rise in the past year. Due to an increasing number of network-connected devices and IT-dependent processes, ransomware attacks in many cases have completely halted operations at companies. As such, an attack can have significant impact throughout the supply chain, whether it be a manufacturing facility that becomes inoperable or a freight company that is unable to book new shipments. Perhaps even more challenging, full recovery from a cyberattack often takes several weeks, potentially even months. 

Unfortunately, there are no clear and simple solutions to eradicating ransomware and other cybercrime, but there are steps an organization can take to mitigate impact to their supply chain. Protecting an organization’s supply chain from cyber threats starts with a comprehensive, enterprise-wide, third-party risk management program. It is important for organizations to operate under the assumption that suppliers can fall victim to cyberattacks and establish business continuity plans that address strategies to handle outages at key suppliers, such as:

• Develop risk assessments for suppliers, determining what the operational and security impact to the organization may be if the supplier was victim of a cyberattack.
• Ensure due diligence is completed for all supplier relationships, addressing security requirements that are aligned with the organizations’ standards and industry best practices. Beyond technical security controls, special attention should be paid to the suppliers’ own cyber resiliency controls and their processes for managing third-party risk. 
• Monitor to verify that suppliers continue to maintain a strong security posture. This may entail periodic audits of the supplier as well as real-time tools that provide insights into the security of the suppliers’ internet-facing services.

Organizations may not have direct control over the cybersecurity of their suppliers. However, those organizations that prioritize suppliers with strong cybersecurity practices while also preparing for a worst-case scenario within their own company, can have a much more cyber-resilient supply chain. 

Natural Disasters

While natural catastrophes have always been a threat to the safe passage of goods internationally, their economic impact on a company continues to increase. This is due to several factors, including the increasing frequency and severity, the expansion of the global supply chain into newer geographic regions with added catastrophe risk, and the increasingly sophisticated manufacturing processes based on just-in-time methods requiring goods to be at the right place at the right time. This creates a growing risk for business leaders and may stress even well-prepared organizations.

In order to reduce exposure to the economic impact of a natural disaster, supply chain professionals must consider several mitigation strategies, including:

• Create a detailed mapping of critical suppliers that includes manufacturers and service providers, such as freight forwarders, in order to assess catastrophic risk potential.
• For identified critical areas, create a business continuity plan that outlines the process to shift to another resource in a separate geographic area.
• Invest in supply chain intelligence data and telematics to increase visibility on goods in transit, which will help business leaders identify a quick and effective response to catastrophes as they occur.

Natural catastrophes can test an organization’s supply chain resilience as well as the reliability and performance of systems and protections that businesses leverage to minimize everyday risk. While one cannot completely eliminate the risk associated with natural disasters, the organization that has developed a solid foundation of risk identification and one that maintains a high degree of visibility into their supply chain will be at an advantage versus those that do not spend the time in preparation.

Business leaders will continue to face challenges as organizations contend with the emerging landscape and the impact on global supply chains. A strong risk identification framework and mitigation strategy can help ensure leadership is prepared to make thoughtful, fact-based decisions in response to disruptions as they occur. Business leaders that focus on preparedness can help ensure that organizations are both financially and operationally resilient.

Drew Feldman is senior vice president and global marine business unit leader at CNA.