Supply Chain Cyber Resilience – Getting the Balance Right’ was the focus of URM’s webinar during last month’s Business Continuity Awareness Week. The session has proved to be very popular, with excellent feedback on the content. If you missed it you can still view the webinar ‘on demand’ here.

The presentation sets out a straightforward approach to understanding and managing supply chain cyber resilience. It identifies the robust criteria required to recognise high-risk suppliers and supply chains and offers repeatable processes to manage residual risk through the supplier lifecycle. It also introduces the valuable role that tools such as Abriska 27036, can play in improving the cost, efficiency and quality of supplier risk management activities.

The webinar featured a number of polls, which surveyed the risk and business continuity professionals on issues and challenges they were facing within their organisations. One of the most significant findings was nearly 3/4 of respondents revealing that their organisation’s level of dependency on third parties was increasing, with none of the participants declaring a decreasing dependency. This finding alone should serve as a ‘call to action’ for executives to focus more attention and to ramp up investment in supplier risk management skills and capabilities. Without this, they are placing their corporate objectives, strategies and ultimately reputation at risk.

The survey also revealed that more work needs to be done on identifying critical suppliers and sub-suppliers from among the sprawling estate of third parties that organisations use. This can be a daunting task without the support of robust, automated methods that are trusted by all stakeholders. The survey results indicated that 16% of respondents were still determining their set of critical suppliers, while 1 in 3 believed they had more than 100. In URM’s experience, the number is likely to be less than 100 and 47% confirmed it was fewer than 50. This is a much more manageable number and underlines why it is necessary to identify critical suppliers.

Another area of significant interest from the webinar was the use of tools to support the processes of identifying critical suppliers and managing residual risk through the supplier lifecycle. It was surprising to note that 75% are still reliant on general purpose tools such as Excel and SharePoint to handle this task. Although 21% had taken steps to further develop their in-house tools, only 4% had adopted third-party specialist products. This surprised us, as the challenges of increasing supplier dependency, large supplier estates, limited resources and the need to provide assurance to stakeholders, both internal and external, are not easily met with general purpose tools, even if resources are readily available. By introducing workflow automation into supplier risk management, significant efficiencies, as well as improved quality and levels of supply chain collaboration, can be achieved. For our part, URM has invested in developing Abriska 27036 to support our clients with these challenges. If you are interested in understanding more about the benefits and functionality of a dedicated supplier risk management tool, then a 1:1 demonstration can be arranged here. You can discover how tools can help improve not just your management of supplier risk but also help protect your organisation’s reputation.

Lee Glendon, Senior Risk & Resilience Consultant, URM