Gartner Blog Network


Suppliers and Manufacturers Must Join Forces to Combat Digital Security Threats

by Mark Atwood  |  November 17, 2017

A clear disconnect between Suppliers and Manufacturers indicates a critical breach point that must be addressed

Over the last several years, we have seen “cybersecurity” climb to the top of the list of major risks faced by heads of Supply Chain at manufacturing companies. In our most recent survey of Chief Supply Chain Officers, it was the #1 risk in the short term (48% of the respondents said it was a “high risk concern”), and it likewise was the #1 risk in the long term (41% at “high risk concern”).

Cybersecurity for the Supply Chain exists as a complex and fragmented problem. There is not even universal agreement that the term “cyber” adequately captures the combinations of virtual and physical threats to the modern Supply Chain. In our recent research note, Combat Digital Security Threats to the Supply Chain (available to Gartner Supply Chain members), we offer a comprehensive new framework for approaching these threats through the holistic lens of “Digital Security,” which looks across a Supply Chain’s Data and IT, Operations, and Product capabilities. In this research we examine the nature of the threats, identify the major challenges with instituting a Digital Security approach, examine where SC leaders are focused right now, highlight some of the tools being used, and lay out a timeline that Supply Chain leaders are following as they look to protect their supply networks from malice, upstream and downstream.

Of the challenges we discuss in the note, our research highlights a particular worry amongst manufacturers, focused squarely on their supplier base. As they instill more rigor in their product security, they told us that they are struggling with the change management involved, specifically with their suppliers. They indicated in our interviews that the Digital Security risk was not taking priority with these partners, which was leaving them feeling exposed not only to data leaks (cost, parts detail, IP) but, increasingly, to the actual code itself that is embedded in the componentry these suppliers provide.

A just-released survey from 3M puts a resounding exclamation point on this disconnect.

Driving Growth and Innovation Through Supplier Relationships

In this survey “cybersecurity” was defined as the absolute bottom risk facing their business, from the suppliers’ point of view. As the study says, “Despite the recent prevalence of headline-making security leaks and breaches, cybersecurity did not resonate as a major concern for suppliers, a potential oversight that could have far-reaching implications for the supply chain.”

Indeed. As 2017 proved, the Supply Chain Digital Security risk is real. We witnessed actual Supply Chain operations come to a screeching halt. With the stakes so high, we must close this gap with our suppliers: disruption of the actual operation of the Supply Chain, with the associated rise in costs and reduction of service levels, can devastate a company’s financial results. Additional downside includes significant damage to brand and reputation, product safety and integrity issues, privacy violations, trade and compliance implications, loss or theft of intellectual property, and substantial fines and fees. With numerous exposure points along the lines of data and IT, operations, and product, suppliers must join manufacturers (now!) to combat the Digital Security risk.


Mark Atwood
Managing VP
11 years at Gartner
24 years IT Industry

Mark Atwood's experience includes more than 23 years of work that spans research, consulting, strategy and operations, and marketing. He also brings an IT end user's perspective to his role. Mr. Atwood is a Managing Vice President within Gartner's Supply Chain Research organization. He is the Team Manager for the Industries Value Chain team, which covers healthcare/life sciences, consumer packaged goods, retail, high tech, industrial, and process chemical from the supply chain perspective.



