Preparing for Supply Chain Cyberattack (Insights from Indago)

In January 2022, the Luxembourg Times reported that “European Union governments will launch…a large-scale simulation of cyberattacks against multiple member states. Participants will be confronted with attacks on their supply chains and some spillover socio-economic effects in other member states, before having to coordinate public communications and a diplomatic response.”

Inspired by that story, we asked members of our Indago supply chain research community — who are all supply chain and logistics executives from manufacturing, retail, and distribution companies — “What is the probability that a major cyberattack will disrupt global supply chains [in 2022]? How prepared is your supply chain for a cyberattack?”

More than two-thirds of our member respondents (69%) believed that the probability was “Very High” (30%) or “High” (39%) that a cyber attack would disrupt global supply chains.

Source: Indago, January 2022 survey (n=23)

“Since supply chains are long and complex, they make easy targets for cyberattacks,” said one Indago supply chain executive. “Simply attacking one small node can reap large-scale chaos and provide hackers with the monetary rewards they are looking for. Since the playbook has already been established, it’s only a matter of time until there are more [cyberattacks].”

Another member added, “I feel like the probability of this happening is extremely high. At my own company, I feel that we are not [fully protected] from cyber attacks.”

Only 26% of our member respondents said that their companies were “Very Prepared” for a cyberattack on their supply chains, while 43% said they were only “Slightly Prepared” (30%) or “Not prepared at all” (13%).

Source: Indago, January 2022 (n=23)

“No efforts are underway to head off a cyberattack,” said one supply chain executive. “With supply chains as fragile and spread thin as they currently are, I anticipate this could be disastrous should a cyberattack occur.”

Here are some additional value-added comments from our members:

“This has been an issue for years. It is not something that we just woke up to this morning and we are suddenly vulnerable. We are actively monitoring and putting in place tools to mitigate this type of malicious activity within our organization. We have not worked with customers or trading partners, bolstering our network security first.”

“The focus for us has been on cybersecurity more broadly versus specific to the supply chain. We vet our vendors to help alleviate potential risks, and we work with a third-party vendor that ensures our systems are as protected against attacks as possible — including the use of multi-factor authentication for several applications we use. Beyond that we have not done much else in the way of [preparing for a cyber attack].”

“We have already experienced attempts to break our cybersecurity in the past 6 months.”

“This is an under-reported phenomenon as I am aware of many companies that have been cyberattacked (that is, their data was held for ransom) but they did not make it public.”

What actions, if any, is your company taking to minimize the risk and impact of a cyberattack on your supply chain? Are you coordinating your efforts with your suppliers, customers, and other trading partners? Post a comment and share your experience and perspective on this topic!

For related commentary, please read “You’ve Been Hacked! The Growing Threat of Supply Chain Cyber Attacks.”

Why Join Indago?

There are many reasons to join Indago, but here is the biggest one that differentiates us from other research organizations: your participation helps to make a difference in people’s lives.

To date, we have donated over $17,000 to various charities, including JDRF, American Logistics Aid Network, American Cancer Society, Feeding America, and Make-A-Wish.

That is the meaning behind our tagline: “Be Uncommon. Research with Purpose.”

If you’re a supply chain or logistics practitioner from a manufacturing, retail, or distribution company — and you’re interested in learning from your peers — I encourage you to learn more about Indago and join our research community. It is confidential, there is no cost to join and the time commitment is minimal (2-4 minutes per week) — plus your participation will help support charitable causes that make a difference in people’s lives.