Nike’s woes in China, paralysis in Suez, Brexit border chaos and above all the growing threat of cyberattacks – when it comes to fast-moving consumer goods (FMCG), luxury and sporting goods it has never been more important to manage and minimise supply chain risks.

Cyberattacks – the growing threat

Cyberattacks offer more potential for unexpected calamity, and the speed and scope of the damage can be eye-watering. British Airways was fined £20m by the Information Commissioner’s Office for a massive breach of customer data after hackers stole the personal and financial details of more than 400,000 passengers in 2018. Crucially, the technical vulnerability had been well known yet the airline had not updated its systems. This spurred accusations of negligence or reckless risk-taking – all the more so because BA did not detect the cyberattack for more than two months. The fine will have dwarfed what the cost would have been to patch the vulnerability in the first place.

Supply chains and vendors are a frequent target: 70% of cyber security data breaches now involve a third party supplier of some sort. In the 2020 SolarWinds cyberattack that compromised U.S. government agencies and 18,000 companies on a scale that surprised even veteran security experts, the hackers zeroed in on a weak link in the software supply chain that all corporates and institutions rely on.

Cyberattacks are rife and if you are not already identifying the risk in your supply chains you can no longer afford not to. All it takes is for an employee at one of your suppliers to click on the wrong email or forget to update the antivirus software and ransomware attackers have a fast track into shutting down your whole business.

What is preventing your business from managing supply chain cyber risk? 

Common factors that prevent FMCG, luxury and sporting goods brands from managing supply chain cyber risk include:

• Fear of overwhelm. You believe you have too many suppliers and that monitoring them is too difficult.
• Fear of the failings and insecurities you will unearth if you do investigate.
• Fear of using up resource and skill when you are struggling to protect your own organisation.

But this approach ignores potential impacts that could cause even greater damage. Understand the risks, and your business will be in a better position to respond if something goes wrong. If you have already done the strategic thinking, when trouble strikes you can apply your finite resources to the areas you have identified as most important.

It’s why the McKinsey report warns: “Supply-chain risk management needs to be incorporated into regular decision-making and planning processes. Embedding risk-management capabilities as a regular ingredient of business decisions in operations is the first step towards creating a true risk culture and a resilient company.”

This is where C2 Cyber comes in. We are experts in cyber security and vendor risk management, with a proprietary COBRA platform that enables our clients to identify the supply chain risks that pose the greatest threat then focus their limited resources on collaborating with supply partners to reduce them.