The Supply Chain Matters blog continues its series of unveiling 2019 Predictions for Industry and Global Supply Chains. In this Part Four posting, we highlight our continuing prediction that Cyber-risk and information security safeguarding are mandatory competencies in the coming year. Predictions

On an annual basis, the Ferrari Consulting and Research Group provides a series of supply chain management focused predictions for the coming year.  These predictions are provided to our clients and readers of this Supply Chain Matters blog in the spirit of advising line-of-business, multi-industry cross-functional supply chain management and supporting IT teams a sensing of meaningful initiatives, programs or capabilities we feel will be of importance.  The predictions further serve as our continued research and client advisory agenda in the coming year.

The context of these predictions includes a broad cross-functional umbrella of what today is supply chain management, and includes areas of supply chain leadership and strategy, product management, strategic sourcing and procurement, planning and execution, manufacturing, transportation and logistics, online fulfillment.

We initiated this series in a blog that summarized themes and insights included in all ten of our predictions.

Part One of the series highlighted what industry and global supply chain management teams should expect from a global economic outlook perspective.

Part Two highlighted our prediction of alarming talent needs among all functional and technical support areas of supply chain management.

Part Three of the series addressed unprecedented levels of global supply network challenges that can be expected in the coming year.


2019 Prediction Four: Cyber-Risk and Information Security Safeguarding are Mandatory Since the Threat of a Cyber Attack Involving Supply Networks is Inevitable.

For 2018, we predicted that cyber-related risk and information security safeguarding would consume business, IT and industry supply chain teams, not so much by choice, but from compelling needs dictated by stockholders, boards and C-Suite executives.

Cyber-risk and major cyber-attacks indeed escalated during 2018. The latest major public incident came in December 2018 with the disclosure from hotel chain conglomerate Marriott International that it was the latest company to fall victim to a serious data breach which allowed cyber criminals to steal personal information of 500 million customers. Credit card numbers, email addresses, and passport numbers were among the information stolen by criminals after they breached the hotel chain’s reservation system, starting as far back as 2014. Initial speculation from government cyber investigators indicate that the source of the hack may have come from one of China’s national intelligence agencies, implying yet another potential example of a state-sponsored cyber-attack seeking more than just credit card data.

The World Economic Forum disclosed results of a survey among over 12,000 executives around the world regarding what they believed were their biggest risks in doing business. Cyber-attacks and data fraud were identified as two of the top five global risks in terms of likelihood. Yet other surveys indicate that some senior executives have yet to acknowledge cybersecurity as a strategic priority. We anticipate that this trend will change in the coming year since supply chain management and line-of-business executives are very aware of the current threat level. Survey data related to this topic often does not reflect a reality that top-level executives are reluctant to discuss this topic for obvious reasons.

Hackers and state sponsored cyber thieves have moved toward a new fifth generation of attacks that is now surpassing the defensive capabilities of individual businesses. Cyber and national security experts now indicate that cyber threat incidents are going to get worse before they get better because of the added sophistication of cyber predators.  Chief information security officers are similarly concerned about next generation threat sophistication. A further building concern that garnered higher attention in 2018 was the threat of embedded cyber-snooping  or trojan devices within products themselves. There was much speculation, later refuted, that certain Apple iPhones included such embedded devices in component electronics. Similar, yet unfounded suspicions have related to equipment produced by Chinese telecommunications providers Huawei and ZTE. The arrest of the CFO of Huawei in December of 2018 was prompted by a U.S. arrest warrant on suspicion of cyber-related activity.

We, therefore, predict that cyber-risk and information security safeguarding will consume 2019 management agendas. Since supply, manufacturing, services and demand networks each have multiple points of vulnerability, they will likely remain the weakest links in cyber-risk management. As we have noted in published blog posts, the likelihood of additional incidents of supply chain targeted cyber-attacks impacting businesses and industry remains high. Plans must be in place to manage any business continuity impacts including access to backup systems, databases or alternative processes.

Similar to 2018, it will be imperative for industry supply chain management teams to collaborate with information security and IT teams to identify most vulnerable information security risk areas and to shore-up both defenses and business continuity safeguards. Advanced technology initiatives in manufacturing automation, Industrial Internet and Internet-of-Things (IoT) will therefore have to address strict information security guidelines.

B2B Business Network providers will need to demonstrate to existing and prospective customers that networks meet or exceed the most current information security standards and safeguards.

We further predict that in 2019, consideration must be given to retiring some rather old legacy systems and software applications that are identified as information security risks.


This concludes Part Four of our 2019 Predictions for Industry and Global Supply Chains. In a subsequent posting in this series, we highlight our fifth prediction which predicts that supply chain management digital transformation will require roadmaps and specific business case support.

In the meantime, if your organization requires assistance in preparing for challenges in the upcoming year, please get in contact with us for added information on any of these predictions.


Bob Ferrari

© Copyright 2018. The Ferrari Consulting and Research Group and the Supply Chain Matters® blog. All rights reserved.