Businesses face growing exposure from hidden weaknesses in their supply chains, executives warned at a London crisis management forum, noting that gaps in data and oversight increase the difficulty of both obtaining insurance cover and mounting effective crisis responses.
The roundtable, Crisis Management: Adapting to a Changing Threat Landscape, was co-hosted by Intersys and Semperis and brought together 15 senior leaders from healthcare, energy, insurance, risk management, and technology. Participants discussed lessons from recent disruptions such as the Iberian energy blackout and ongoing cyberattacks on global retailers and manufacturers.
Supply chain opacity was a central concern. Guy Williams, exposure subject matter expert at Ebix Europe, said many businesses cannot provide meaningful data about their suppliers, which complicates both exposure management for insurers and real-time response when crises strike.
Other recurring weaknesses identified included unrealistic crisis simulations, lack of clear decision-making beyond senior executives, reliance on informal communication systems, and human vulnerabilities such as overworked response teams and departing staff who retain access to systems.
Catherine Geyman, director of enterprise risk management at Intersys, called for organisations to move beyond box-ticking exercises. She pointed to the UK Financial Conduct Authority’s requirement for banks, insurers, and PRA-designated firms to implement new operational resilience standards by March 31, 2025.
“Resilience isn’t just about technology – it’s about people, processes, and culture,” she said, noting that new threats such as deepfakes and systemic infrastructure failures require realistic testing and stronger communication frameworks.
Simon Hodgkinson, strategic advisor to Semperis and former BP chief information security officer, said that response plans often fail to consider communication breakdowns or cultural differences in global operations. He noted the importance of clear escalation and authority beyond the C-suite.
Hannah Brambani, head of operational performance at Pro Global, said companies must stress-test their own systems and processes, warning that for re/insurers, identifying weaknesses such as supplier dependencies and access management is critical.
The concerns align with industry research. According to Willis Towers Watson’s Global Reputational Risk Readiness Survey 2024/25, 65% of senior executives named cyberattacks as the leading reputational risk, compared with 24% in 2023. The survey also reported that 86% of organisations have a formal process for managing reputational risks, though only 11% have advanced modelling to assess financial consequences.
WTW’s Crisis Management Annual Review 2025 found that conflicts, political instability, and trade disruptions have widened the range of operational challenges companies must prepare for.
The cyber threat environment is also accelerating. CrowdStrike’s Global Threat Report 2025 recorded an average breakout time of 48 minutes for attackers to move through a network once inside, with the fastest case at just 51 seconds. The report noted a 442% increase in voice phishing attacks in 2024 and the addition of 26 newly named adversary groups, bringing the total tracked to 257.
With executives citing both technological and human vulnerabilities, the London forum concluded that preparedness requires improved supply chain visibility, realistic simulations, and crisis authority extending beyond senior leadership.
How should companies address the supply chain blind spots that continue to complicate crisis management? Share your thoughts in the comments.
