Businesses overlooking supply chain risk

Cyber and regulatory risks have risen to the top of the board agenda, replacing political and economic concerns. But companies aren’t giving enough attention to crucial exposures in their supply chains.


No sense losing sleep over problems that are out of your control.

That’s the attitude business leaders have adopted in response to a global political environment that feels like it turns gloomier and doomier with each passing day.

Instead, they’re focusing their efforts on business risks that the board can manage, namely cyber and regulatory risk. Those were the two top risks cited by business leaders in CNA Hardy’s newly released Spring ’18 Risk and Confidence survey. But amid a slightly more optimistic outlook, business leaders still aren’t giving supply chain risks the attention they deserve.

The survey, based on findings gathered in January and February of this year, revealed some dramatic changes in the risk landscape. Leaders’ cyber risk concerns grew by as much as 27% in some sectors since the last time CNA Hardy checked the pulse of businesses in Autumn ’17 – a number that’s expected to continue to soar throughout 2018. Regulatory risks were the second-biggest reported fear, with over a third of respondents identifying compliance as a key focus.

On the other hand, political and economic risks have moved down the radar – by 18% and 6%, respectively. “We’re quite pleased that cyber and regulatory risks are now moving up in terms of profile, because those are risks that the board can deal with,” says Patrick Gage, CUO of CNA Hardy. “They can put in place actions and structures that help mitigate against those. It’s very difficult to put in actions and structures that mitigate against political and economic risk.”

2018 has ushered in a slew of regulatory burdens for businesses to contend with. “For those firms that we chatted with directly, first and foremost, GDPR weighed quite heavily – 50% feel they are ill-prepared or not prepared at all,” says Dave Brosnan, CEO of CNA Hardy. “That’s a staggering stat.” The data protection and privacy law is slated to take effect next month, subjecting businesses worldwide to stringent regulations concerning EU citizens’ data.

“Brexit is another thing,” says Brosnan. “It has a double whammy effect: Firms must comply with existing and future regulations – and there’s uncertainty regarding what those may or may not be.”

Cyber, once relegated to the IT silo, has climbed its way to the top of the corporate agenda. “Cyber and regulatory risk are interlinked,” says Gage. “If there is a breach, then there can be direct accountability so that’s right up there with boardroom risk.”

Despite well-warranted attention on cyber and regulatory exposures, CNA Hardy found that business leaders are continuing to overlook crucial vulnerabilities. “One of the things we’re slightly surprised about from a risk management point of view is the continuing under-emphasis on supply chain risk despite high profile failures of supply chains recently,” says Gage.

Look no further than KFC’s recent #chickengate disaster to serve as an example. The fast food chain has come under a firestorm of public disapproval since experiencing shortages in key supplies – including chicken!

“Supply chains are a crucial business risk to companies, and it doesn’t appear to us that they’re being considered at the level of seriousness that they should be,” Gage says. “A lot of multinational companies operate in many countries and so they do have complex and crucial supply chains that they need to protect. Risk managers need to raise the vulnerability at board level.”
