Few analysts cite cybersecurity as the most significant factor to supply chain continuity. It’s rarely even a second priority. Logistic miscommunications, product manufacturing delays, shipping interruptions, and port operations backlogs—to name a few—are constant, common risks to critical supply chains. A new virus threw markets into pandemonium before settling on a “new normal” that still feels tenuous.
And perhaps the most volatile threat is geopolitical tensions. In hours, nation-state alliances can switch, causing the price materials, inputs, and transportation to skyrocket or plumet. The same globalization that kicked production into hyperdrive has brought with it new risks—and the impact of national borders and trade policies are rapidly being overtaken by corporate relationships and their underlying technological infrastructure. In that context, cybersecurity is vital to protect vulnerable and highly valued resources, ensure distribution routes, and secure online transactions. While it might not a traditional first question, it is interwoven through your executives’ and Board’s top concerns.
Cyber warfare and geopolitics
The last year has thrown into sharp relief just how quickly conditions can change, as a longstanding Cold War of ideology and alliances turned hot almost overnight. Russia and Ukraine provide more than 25% of the world’s grain supply, so an armed conflict massively disrupted the international grain supply. Until the United Nations’ Black Sea Grain Initiative ensured Ukrainian ships safe passage through several Baltic ports, grain exports suffered, driving the cost of food products up. Kansan farmers and Parisian pastry chefs saw their livelihood shift, though they felt no risk of physical attack.
But the risk was not limited by political boundaries.
While artillery and ammunition dominate the news cycle, relatively hidden cyber warfare is ongoing. Malware operated by hacking groups connected to the Kremlin exports sensitive data from Ukrainian government agencies and destroys the host technology afterward. Russia has also targeted Ukrainian energy infrastructure, causing heat, light, and WiFi interruption, through both missile strikes and cyberattacks. Hacktivists around the world joined both sides of the conflict by targeting both public and private institutions. Corporations’ technological interventions impacted military outcomes. Technology brought the conflict to companies’ warehouses and plant floors.
Cyber economics in corporate America
In the U.S., the economics of corporate cyber risk disclosure are shifting.
Technological risk to investment security is now regulated by the U.S. Securities and Exchange Commission (SEC). The new requirements stipulate organizations must measure and disclose cyber risk to investors for full financial transparency.
Yahoo! Inc. was fined a “$35 million penalty to settle charges that it misled investors by failing to disclose what was at the time the largest-ever theft of user data, affecting over 500 million user accounts.”
Fines, brand reputation damage, and operational disruption often cost companies far more than cyber governance and compliance or simple cyber hygiene practices like password authentication.
But public and private corporations aren’t shifting yet: only 17% of Fortune 100 companies disclosed adequate cyber information to their boards in 2020. A National Association of Corporate Directors (NACD) study from the same year found as many as 61% of business leaders “would be willing to compromise cybersecurity to achieve business objectives.”
Secure your supply chain to understand your risk
Organizations need to shift their view of operational efficacy from smooth and fast to smooth and secure. Moving textiles internationally at a fast tempo doesn’t equal efficiency if data insecurity means profit is leached from the manufacturer before the product reaches the consumer.
Digitization demands cybersecurity. Each device on your plant floor, each sensor in your transportation has increased your attack surface to threats from actors acting on economic, ideological, or political motives. When the digital transformation made every company a technology company, it also made every company a cybersecurity company. Complex supply chains are a crucial vulnerability – and that vulnerability must be addressed as a coalition.
Sharing data across your supply chain will often increase efficiency. The more information organizations share with partners in a supply chain, the more efficiency is realized. That’s why appropriate supply chain security is solved for in a coalition. Effective cybersecurity within an organization must be viewed as an enabler: “here’s how you can work safely,” not “you can’t do this.” Similarly, mitigating supply chain risk must start from an agreement on the cybersecurity that will enable smooth operation.
Disclose your cyber risk – including the risk along your supply chain
Cyber risk disclosure to investors is complex. Early adopters might fear new risk disclosure will reduce support. Instead, the market is demonstrating we must view it as increased accountability for the success of your business. Just as upstream environmental impacts harm businesses, our digital economy will grow increasingly unfriendly to organizations without strong cybersecurity awareness in place.