A digitally vulnerable Supply Chain can lead to disruption of actual operations. It can also lead to significant damage to brand and reputation, product safety and integrity issues, loss or theft of intellectual property, and substantial fines and fees. Given the stakes, security is a top concern for Supply Chain leaders. In our studies of Supply Chain senior executives, “cybersecurity” has been ranked as the top worry for the last two years.
Digitalization has blurred the line between how information is secured and how physical environments are secured, requiring a shared security strategy and planning. The term “cybersecurity” does not adequately capture the physical and the information worlds that are increasingly merging. This can lead to confusion and incomplete approaches to dealing with the expanded threat to the Supply Chain. Therefore, a new approach to governance, planning and management that Gartner designates as “digital security” is required to denote the digital effects on both information and physical environments of the Supply Chain.
Digital security uses the tools and techniques of IT for data and software as well as engineering-oriented techniques from OT, the IoT and physical security automation and management. Both types are also used in product security to minimize vulnerabilities, maintain system integrity, allow access only to approved “entities” (human and machine) and protect assets.
Digital security is an issue for all business processes and capabilities. Supply Chain, however, stands alone in the number of “handoffs” that typically occur from raw material to delivery of finished good with the customer or patient. All the functional areas of an integrated, end-to-end Supply Chain — plan, source, make, deliver, and customer service — are potential touchpoints where threats could occur. Also, many products are now combinations of digital and non-digital components. This is becoming more prevalent with the proliferation of smart products and as a result, focusing on product security becomes increasingly important. Further, many highly complex and multi-tier handoffs exist between a company and its extended network of suppliers and customers. Given this, Supply Chain offers nearly immeasurable vulnerable points at risk of harm.
Digital security for the Supply Chain requires the governance, management and development of operational processes. It uses security tools and techniques for protecting information and physical assets to achieve regulatory compliance, and maintain privacy, safety and resiliency across the supply chain.
Our recently published Best Practices note, Take an Integrated Approach to Improve Digital Security for the Supply Chain, details the digital security risk to the Supply Chain and offers a conceptual framework and recommendations for Supply Chain leaders struggling with this highly fragmented topic. This research is available to Gartner Supply Chain clients.