The trouble with supply chain security – from MHD magazine

Vivek Sood

I am, of course, talking about supply chain managers. The mobile does not stop ringing from the time they take it off silent in the morning, to the time they are ready to crash. If it is not a customer calling about ‘another botched-up delivery’, it is one of the service providers calling about ‘another unpaid invoice”.
Literally, hundreds of things can go wrong as millions of things are moving around 24×7. And, sometimes they go wrong all at once. Like when a customer threatens to walk away AND a supplier takes you to court.
Nobody thinks of supply chain security until it is too late
Who has time to think of supply chain security in the midst of all this? Only those who are most serious about their careers in the supply chain.
‘Why is that the case,’ you ask? I think, by the end of this article the answer will be crystal clear to you.
I have written in many places before that the traditional supply chain model is gradually failing and will be relaced by a supply chain model that is radically different.
It is true! Think about Sears, and all the others who were blindly copying Sears in the 80’s and 90’s. It gives me no pleasure to name all the favourites of the yesteryears in this context.
Anyway, one would have to be living under a rock not to know the names I am talking about. And, by the end of 2019, there will be many more names to add to that list.
But, this article is not meant to compare and contrast the supply chain models of yesterday, today and tomorrow. I will write a different article soon to cover that important point.

Figure 1. The key areas for threats. Source: Global Supply Chain Group’s Supply chain security report 2019.

2019 is different
The point to pay attention to is that 2019 is edgy. Things move slowly, but in a ‘definitive direction’. And this is the main point: careers are more important today than in the past 20 years.
And nothing has bigger impact on a career than a major incident in the supply chain. What’s a major incident?
Let me describe a typical 1-minute video from a popular television network:
The video opens with a typical family living room scene. A woman is sitting on the couch with three very young children holding a plate of strawberries in hand. Voiceover starts describing what happened to the family as a nightmare: the 9-year-old cute boy almost swallowed a needle embedded in the strawberry. The boy describes how he pulled the needle out of his mouth.
Authorities called it a vicious sabotage. Video goes on to describe how the tampering spread from Queensland to almost every state in Australia, and how some people ended up in hospital after swallowing a needle. Police come on screen and describe their investigations, and supermarkets’ precautionary steps to remove the strawberries from stores are noted. Copycat attacks of sabotage are mentioned and damage to the economy and strawberry markets are described.
But sabotage is not the only type of potential incident that can hit your supply chain. There are many other types of potential incidents.
In fact, in a project last year we identified at least seven types of potential supply chain risks – each with very complex supply chain implications.
Threats to supply chain security
Even making a list of all the different types of potential supply chain security breaches and related incidents is difficult. Once you go past the most obvious ones, where do you stop? And, how do you neatly group them?
Take a look at Figure 1. The risk assessment and mitigation work in supply chain is extremely painstaking and thorough. All the projects we have done that involve this kind of work left me dissatisfied despite the projects being quite lucrative and enlightening.
Why do I say that?
Because no matter how much you know, you cannot make a list of everything you don’t know that can happen. And that is just the trouble with the qualitative part of supply chain security and risk management.
On the quantitative side, it is even worse.
Try multiplying infinity by infinity. How do you assess the probabilities of something that has never happened before, but is likely to happen at some point in future? And, then how do you assess the full repercussions of that event, up and down the supply chain?
Did you know that in 2000 Ericsson permanently lost its pre-eminence in mobile phones market to Nokia, mainly due to a fire in a chip factory owned by Philips. How Nokia lost its crown to Apple due to its supply chain missteps is another story worth talking about. As is the story currently underway, how Apple is losing its crown due to its supply chain missteps.
But I digress. Let’s get back to the talk of supply chain security. People ask me why supply chain security is in such a dismal state that only by sheer providence (and goodness of the population in general) we do not have more incidents.

ABC of ‘supply chain security’

The main reason is that most security professionals do not even know the ABC of supply chains, and most supply chain professionals bother only vaguely about ABC of security.
A secondary reason is that it is just too difficult to secure supply chains with the current level of resourcing in most companies.
Think about this: the truth is that there are so many moving parts in today’s supply chain that it is impossible to keep track of them all with the current level of supply chain resourcing.
And companies are always reluctant to give more resources for anything, especially something as ‘unproductive’ as security, unless justified by a bulletproof spreadsheet vetted three times over by the most painstaking auditors.
Who will cop the blame for breaches of supply chain security?
All this would not matter in the past when everyone could pretend that every security breach incident was a one-off, ‘could not be foreseen or prevented’ kind.
Today, irrespective of whether it could be prevented or not, everyone – regulators, governments and public – are hyper-vigilant, and clamour for someone to blame. And guess who is going to cop most of the blame? The person who cops most of the blame when anything goes wrong in the entire supply chain – the supply chain manager.
That trend is only going to escalate. And that is the ‘trouble with supply chain security’.
Vivek Sood is the managing director of Global Supply Chain Group ( For more information visit
[PQ] “There is a tendency in our planning to confuse the unfamiliar with the improbable.” Thomas Schelling.
[Caption for Figure 1.:] Figure 1. The key areas for threats. Source: Global Supply Chain Group’s Supply chain security report 2019.
[Other pic – no caption:]

©2019 All Rights Reserved. MHD Magazine is a registered trademark of Prime Creative Media.