Cyberattacks are on the rise — with 80 percent emanating from within the supply chain and costing an average of $6.5m. This places IT, supply-chain management and risk professionals in the crosshairs for major enterprise disruptions.

In fact, cyber risk holds two of the top five slots in the World Economic Forum’s 2018 Risk Report.

There’s more bad news: About 45 percent of all companies estimate the value of cyber breaches, and just 11 percent quantify or assess those breaches. On average, it takes about 288 calendar days before companies broadcast data breaches to their customers, suppliers and stakeholders. And finally, there’s a big disconnect between what IT-SCM executives say they send to the board of directors and what the directors say they receive.

So, what are the needs for the next several years?

A three-tiered approach offers passive, proactive and reactive methodologies.

Passive

We’re starting to see more consortium-like groups developing Cyber-SCM Indexes, covering cyberthreats, defining them, providing “Heat Map, Hot-Zone Clusters,” by regions around the globe, highlighting vulnerabilities and providing some recommendations. Also, more comprehensive standards are required as frameworks and guideposts. And there is need for more education and workshops on cybersecurity and risk management, culminating in new certifications. Finally, we need new Cyber-SCM insurance. These new packages can be construed as passive, proactive and reactionary.

Proactive

We see a need for new, robust cybersecurity tools, techniques and solutions. Many will be in the cloud and will be subscription-based. These new tools will utilize artificial intelligence, machine learning and cognitive computing to constantly scan the supply chain network portals for foreign bodies, hunt them down, isolate them and mitigate the risk to the integrity of the supply chain. This area will also include more stringent requirements inside supplier and customer contracts, which will require assessments and designations proving these partners have Cyber-SCM accreditation from third-party testing companies.

Reactive

We see a need for new Cyber-SCM-Risk Simulators that can provide forums to develop possible attack scenarios and then simulate how a company might mitigate those risks in order to develop risk response plans. This will require additional tools in the form of simulators or games, either built by the company or developed and facilitated by third parties. New Cyber-SCM-Risk insurance packages, covering all the ancillary costs of identifying, assessing, mitigating and managing these risks can also be considered a reactionary game plan as well. And finally, additional tools to respond aggressively to any type of attack to the supply chain and bring it back to a steady-state.

The Outlook

This is the New Wild West of supply chain. Companies taking this three-tiered approach will 1) circle the wagons to identify threats, 2) put on their chaps to control access, provide awareness and continuous education, 3) keep a lookout, by constantly monitoring for and responding to threats with well-oiled contingency plans to analyze and communicate and 4) play the ace-in-the-hole, meaning, expediting their time-to-recovery and return to normal operations.

Gregory Schlegel is founder of The Supply Chain Risk Management Consortium and executive-in-residence at Lehigh University's Center for Supply Chain Research.