Printed from BusinessInsurance.com

Uncertain, complex risks an inherent part of today's supply chains

Posted On: Mar. 23, 2016 12:00 AM CST

NEW YORK — Supply chains can be threatened by people and forces inside and outside an organization.

In fact, three groups of people can affect the cyber security aspects of supply chain management, said Dawn-Marie Hutchinson, New York-based executive director in the office of the chief information officer for Denver-based Optiv Security Inc.

Insiders are most susceptible to social engineering manipulation that can lead to the loss of intellectual property, she said Wednesday during a discussion at Business Insurance's seventh annual Risk Management Summit in New York.

Outside providers may be small operations with “immature security controls” that also put intellectual property at risk, she said.

And hackers “don't have to be all that sophisticated,” Ms. Hutchinson said, citing an example of pirates who hacked into a shipper's routes.

Organizations should have a vendor management program that includes, among other things, identifying all of a company's mission-critical providers and specifying primary contacts — people who make sure a third party is doing its job, she said.

The human element must always be taken into account in supply chains, said Geoff Taylor, executive vice president in the San Francisco office of Willis Towers Watson P.L.C.

The complex nature of supply chains means that when things go wrong, people become stressed and can become unpredictable, emotional and irrational, said Mr. Taylor.

Even with the most rational and scientific reasoning, someone can still make the wrong decision. A “robust corporate responsibility program is critical” in dealing with issues that might arise with suppliers, he said.

The new normal for supply chains involves uncertainty, complexity and risk, said Gregory L. Schlegel, adjunct professor of supply chain risk at Lehigh University in Bethlehem, Pennsylvania, and founder of the Supply Chain Risk Management Consortium — a virtual consortium of 13 companies. He also said enterprise risk management can be applied to supply chain risk.

“It is our job to be in the lead when it comes to supply chain” risk, said Debbie L. Gramer, director of global risk management at Englewood, Colorado-based Arrow Electronics Inc. Risk managers have to be concerned about the vendors who aren't “big fish,” she said. “Trust but verify.”