“Modern supply chains are more than just ships and trucks. We need to update the definition of a supply chain before we can say confidently that we’re able to manage these risks effectively.”
Cyber risks overlooked
About 73 per cent of companies have not considered cybersecurity in their latest risk management plans, and only one in six believes a cyberattack on a third-party supplier is a risk in the next year.
Supply chain attacks in cyber can be devastating and have a long tail. For example, an attack by cybercrime group Cl0p hit more than 2000 organisations worldwide earlier this year, including PwC, EY, the BBC, US federal agencies and energy giant Shell. Cl0p broke into file transfer service MOVEit and spread as different organisations used the compromised service to do business.
About 74 per cent of respondents have not considered geopolitical risks in their risk management plans. This is despite Russia’s invasion of Ukraine, tension with China that led to trade sanctions being imposed on Australia, and the latest flare-up in the Middle East, which began after the research was conducted.
A further 74 per cent of respondents have not considered supply chain risks in their risk management plans, 73 per cent have not considered counterparty risks – those associated with a partner in a transaction – and 80 per cent have not considered legal and regulatory risks.
“Geopolitical tensions or natural disasters are just as likely to shut down an essential offshore software development team or call centre as they are to disrupt physical supply chains like shipping lanes and ports,” Mr Fehon said.
“We believe this data shows that business leaders have not grasped the impact that global events such as US and Taiwanese elections, the conflict in Ukraine and other regional disruptions will have on their ability to do business.”
The research surveyed 308 Australian executives, managers and board members with more than 50 employees across industries. The sample was weighted across industry and location to represent about 86,000 businesses.
A number of other responses suggest many businesses are not prepared to respond to risks in their supply chains.
Worryingly, 26 per cent of respondents have never considered or discussed supply chain risks, and 27 per cent have not updated risk management plans in the past two years.
