As digital technology continues to grow and develop, so does the need to implement it, including in supply chain operations. But with new technology comes new risks, including cybersecurity attacks, and supply chain organizations are taking note.
According to a statement from Gartner, by 2025, 60% of supply chain organizations will use cybersecurity risk as a “significant determinant” when conducting third-party transactions and business engagements.
The information arose from a survey Gartner conducted of 499 supply chain leaders between October and December 2022. On average, respondents said that 73% of their supply chain IT budgets will be allocated to driving business growth and enhancing performance.
“Our survey data has shown an aggressive stance among [chief supply chain officers] who are looking to invest in growth through multiple new technologies,” said Brian Schultz, senior director analyst in Gartner’s Supply Chain Practice, in a written statement. “However, each new technology introduces new partners, vendors and service providers into the digital supply chain. The implication for cybersecurity risk is an ever-growing number of new pathways to potential attacks from malicious parties.”
Based on this data, Gartner predicts one third of supply chain organizations will utilize industry cloud platforms by 2026. This is in part due to companies looking to reduce costs while mitigating disruptions, especially in light of the supply shortages caused by the pandemic.
“In evaluating new technologies to drive growth and manage costs, a revamped approach to third-party risk assessment will be necessary to inform buying decisions, as a successful cyberattack on the supply chain is almost unique in its position to undo nearly all of the key objectives of CSCOs this year,” said Schultz.
Gartner reports that the increase in digital technology is not the only factor for a growing interest in cybersecurity. C-suite partners, boards, government regulators and customers are all just as concerned about cyberattacks and the vulnerability of a digital supply chain.
Schultz recommends supply chain organizations implement the following with any cybersecurity plan:
- Up-to-date third-party cybersecurity standards
- Mechanisms for enforcement of these standards in contractual language via executed and amended contracts
- The development of an audit program to enforce the supply chain cybersecurity plan
“A supply chain cybersecurity program will play a significant role in future buying decisions and third-party risk mitigation,” said Schultz. “In addition, regular audit data from a supply chain cybersecurity program can serve as key performance indicators that can be reported to the board, auditors and business partners.”