Risk Management: Is 2018 the Year of Living Dangerously?

Stephen DeAngelis

April 04, 2018

Companies with global supply chains are scrambling to make them more resilient as protectionism increases, tariffs are levied, and rumors of trade wars heat up. A.T. Kearney executives Sean Monahan (@SeanTMonahan) and Johan Gott ask, “Is your global supply chain living dangerously?”[1] They continue:

“It’s not a simple question. Globalism has been a boon to the supply chain by expanding sourcing, opening new markets, accelerating growth and highlighting opportunities to save money. It has also always had issues: supply chain complexity; global competition; information collection challenges; and greater risk from global events including natural disasters, port closures and anti-global sentiment. Today however, the open trading system, which is the very underpinning of global supply chains, is increasingly questioned by large segments of populations and their elected officials.”

Taken as a whole, the issues raised by Monahan and Gott are enough to keep any risk manager awake through the night.

Just when you thought things couldn’t get worse

If supply chain complexity, global competition, information collection challenges, climate change, natural disasters, and protectionism aren’t enough to worry about, Benjamin Roussey insists five IT security risks are going to make 2018 a nightmare for risk managers. He writes, “2018 will bring unprecedented IT security threats and challenges for all businesses.”[2] Those risks are:

1. Crime as a Service. “The Information Security Forum (ISF) predicts that Crime as a Service (CaaS) will continue to pose grave security threats to enterprises and individuals alike. … CaaS will slowly but steadily put everyone — enterprises, SMBs, individual businessmen, and personal Internet users — at an equal level of risk exposure.”

2. Security threats for the Internet of Things (IoT). “IoT devices are everywhere around us, from smart speakers to autonomous drones. IoT, in fact, is being imagined as the next big thing to happen after the industrial revolution. IoT devices, however, are not inherently secure by design. As we step into 2018, enterprises must realize the risks associated with their IoT ecosystem.”

3. Risks to supply-chain processes. “With time, more and more enterprises have made their supply chains extremely dependent on web-powered apps. Also, the expanse and coverage of these technologies have multiplied, as enterprises continue to integrate with suppliers, co-packers, manufacturers, warehousing teams, and procurement service providers. The amount of information flowing in and out of company’s systems, for a supply-chain management process, is massive. Sharing of information, however, causes your control to be compromised, leading to risks to confidentiality and integrity.”

4. Noncompliance with GDPR. “On May 25, the General Data Protection Regulation (GDPR) comes into force. The regulation is applicable to every organization that does business in the European Union (EU). Naturally, most leading companies in the world come under the ambit of this regulation, as do many small and medium-sized businesses. The key focus of GDPR is to unify and strengthen data protection of individuals whose data is managed by an organization. GDPR is aimed at bolstering the data-security readiness of organizations. However, noncompliance risks are what’s keeping CISOs awake at night.”[3]

5. Shrinking and disappearing cyber-insurance coverage. “In 2017, WannaCry ransomware outbreak exacted damages valued at more than $4 billion. It’s unfortunate but very likely that there will be more such cyberattacks in 2018. The cyber-insurance industry is likely to respond sharply to this. Because of the massive surge in risk exposure of IT systems, these companies will realize that they’ve underpriced the risks for themselves.”

If beads of sweat have yet to appear on the brow of your risk manager, it may be time to look for someone else to lead your risk management project or look to get him some technological help.

Technology to the rescue

I would love to tell you technology can make all your resiliency concerns disappear. I can’t. That doesn’t mean technology can’t help. Monahan and Gott note, “It takes a broad suite of tools to effectively manage a supply chain today, including everything from software and systems specializing in logistics, data analytics and inventory management to tools enabling demand forecasting, freight management and ensuring security and beyond.” One of the most powerful tools in the supply chain manager’s kit is cognitive computing. Dr. K. Srinivasa Rao, Director at India’s National Institute of Banking studies and Corporate Management, explains, “[One important development] in the field of risk management is the recent emergence of AI concepts — specifically cognitive computing. [Cognitive computing] involves advanced technology platforms that can address complex situations that are characterized by ambiguity and uncertainty. Due to the dynamic operating and market environment, there are more uncertainties in predicting or assessing the impact of economic events. Therefore, cognitive computing has begun to augment business decisions and power performance right alongside human thought process and traditional analytics. In fact, the domain of risk management lends itself particularly well to cognitive computing capabilities, as typical risk issues often include unlikely and/or ambiguous events.”[4]

Vijaya Kumar Pisupati, Vice President Data Science and Analytics at YASH Technologies, observes, “Analyzing various levels of risk and building in resilience is the next frontier in supply chain management. … Resilience consists of two critical system components which are complementary: the capacity for recovery and the capacity for resistance.”[5] Cognitive technologies can help with the analyses of these two components of resilience. Pisupati explains:

“Organizations have very little or no time to re-plan in the event of natural disasters or other large-scale disruptions. Supply chain resilience ensures an organization’s ability to identify risk probabilities, prepare recovery scenarios, and alter plans based on unexpected demand surges, and change supplier capabilities when the unexpected happens. In order to react effectively and swiftly, organizations must be able to quickly determine affected supply, the products comprising those components, the location of inventory within the whole network, and options for alternate supply. It’s being agile enough not to be paralyzed by disruptions by understanding quickly and responding promptly. Organizations are seeking the help of technology to ensure resilience in their supply chain, with a greater emphasis on protecting organization’s brand, reputation, assets, and data. With the presence of technologies such as in-memory computing and improved analytics algorithms, companies can now analyze complex supply chain questions that took days or weeks, in a matter of minutes or hours. The speed of analysis and data precision are both valued greatly for companies pursuing resilient supply chains.”

As I noted earlier, technology won’t make all your troubles go away; but, it can help.

Summary

Monahan and Gott conclude, “The supply chain manager’s traditional arsenal is overflowing with tools designed to address all contingencies. It is increasingly clear that contingencies that were once only possible may become, in the near future, probable. But, how do you forecast and address these possibilities? A.T. Kearney contends that the C-suite must now elevate strategic decision-making from the traditional analytical exercise of evaluating factor costs arbitrage (labor, utilities, logistics etc.) to a more resilient ‘trade-game-theory’ and ‘scenario planning’ exercise to prepare for increasingly prominent political risks.” Cognitive technologies can help those exercises as well as contribute to other areas of risk management. If you think things are going to calm down, Laura Guitar, head of the Reputation & Risk Advisors division at rbb Communications, suggests you don’t hold your breath. “There are many indicators that 2018 is setting up to be The Year of the Crisis,” she writes, “and businesses that aren’t ready to respond may find reputation, operations, and future prospects submarined by issues that spiral out of control. … We may look back on 2018 as a transition year in which we moved from feeling like business was beset by wave after wave of crises to an equanimity with the pace of the world that recognizes this as the new normal. In the meantime, The Year of the Crisis is upon us. Companies that emerge successfully will do so, at least in part, because they have strategy, speed and resiliency built into their risk and reputation communication programs.”

Footnotes
[1] Sean Monahan and Johan Gott, “Building resiliency in your supply chain,” Supply Chain Management Review, 27 February 2018.
[2] Benjamin Roussey, “5 IT Security Threats that will make 2018 a Nightmare,” Techgenix, 6 February 2018.
[3] For more on this topic, see Stephen DeAngelis, “Concern Grows as GDPR Nears,” Enterra Insights, 2 January 2018.
[4] K. Srinivasa Rao, “Artificial Intelligence in risk management,” Daily Mirror, 7 February 2018.
[5] Vijaya Kumar Pisupati, “Supply Chain Visibility, Responsiveness and Resilience,” Yash Technologies, 5 October 2017.
[6] Laura Guitar, “How to prepare for 2018: The Year of the Crisis,” The Business Journals, 16 January 2018.