While supply chain disasters occurred long before the start of COVID-19, the past couple of years have seen an increased spotlight on global disruptions. Lack of PPE supplies during the most heated moments of the pandemic, the reverberating effects of semiconductor shortages and heightened ransomware attacks have not only gripped the world’s attention, but have left procurement and supply chain leaders wondering how to correct long-standing blind spots.
One of the biggest takeaways? Better supplier intelligence that proactively monitors and mitigates risk. As you’ll see from these five supply chain mishaps, effectively evaluating risk – especially in 2022 – goes well beyond sending out supplier surveys and purchasing point-in-time reports that outline traditional financial metrics. Rather, it should take into account a large swath of data ranging from hiring trends to internal communication tools and more.
The supply chain crisis that rocked British Steel details a story of susceptibility to economic downturns. Between high energy and production costs (including a costly EU emissions bill), the overall decline of the UK steel sector, and ultimately Brexit, the company was unable to stay afloat. When the firm filed for bankruptcy, the news came as a shock to many buyers and suppliers, severely impacting a host of industries, particularly the automotive sector.
But according to traditional metrics, no red flags were previously evident, as British Steel’s Altman-z score, the industry standard for predicting bankruptcy, remained healthy even in the company’s final days. A closer look at unconventional data points, however, such as the trending decline in job postings, news headlines around layoffs, and aggressive drops in headcount, would have likely warranted a second look at the company’s health.
Utilizing industry-benchmarks is important, but reliance on the traditional metrics is insufficient. Coupled with widely used metrics, such as debt ratios and revenue-based measures, companies should have access to a holistic intelligence platform that provides historical trends and offers real-time alerts about news sentiment, employee headcount trends, executive leadership announcements, and more.
Target & Fazio Mechanical Services
Fazio Mechanical Services served as the primary heating, ventilation, and air conditioning (HVAC) supplier for Target and held access to the multinational corporation’s network, allowing them to remotely control the temperature of stores in different parts of the US. In December 2013, hackers used a Pittsburgh-based refrigeration contractor’s login credentials to gain access to Target’s system, resulting in a wide scale data breach.
The hack cost the firm over $200 million dollars, not to mention the 40 million credit and debit card details that were taken and over 100 million personal pieces of information, such as emails and phone numbers.
The Target HVAC mishap demonstrates the necessity of holding strict, standardized assessments of all suppliers’ cybersecurity, including n-tier suppliers. Surveys, the most common way to assess supply chain security, is not an objective measure, as suppliers either want to portray their systems in the best possible light, or the responders may be unaware of risks that are present in their organization or with their own suppliers (or both). Understanding risk scores using a multitude of third party sources that can provide aggregated snapshots of where your suppliers stand is a critical element of your firm’s supplier intelligence platform.
The Colonial Pipeline attack demonstrated private companies’ increasing vulnerability to ransomware attacks and underscored the need for robust cybersecurity measures and practices. The US pipeline system that carries oil throughout the southeastern United States suffered a breach stemming from an old password through which the hackers could access the company’s virtual private network (VPN). The absence of multifactor authentication paved the way for the hackers to gain access to the pipeline system using only the password and username.
The national average for gas prices subsequently reached 6-year highs, and oil delivery days ensued. Some states enacted price gouging laws or temporarily suspended gas taxes. Between the estimated $5 million paid ransom and other inflicted damages, the company suffered massive financial loss and reputational damage.
Supply chain cybersecurity risk encompasses a wide range of factors that may not surface from one or two traditional benchmarks. Consistently assessing measures such as hacker chatter and information leaks prevent potential misuse and go beyond conventional scores on network security.
The global fast food chain suffered major supply shortages throughout the UK after they switched their main food distributor primarily as a way to cut costs. Their new supplier, while cheaper, was a mega-freight forwarding company – rather than a specialty food distributor- meaning they owned few physical assets and operated an oftentimes complex network of individual trucking companies to carry out customers’ distribution. In addition, the new vendor DHL only had one distribution point for KFC supplies in the UK.
The chain immediately felt the impact once the switch to DHL was made, and almost 2 months after the initial mishap, half of the affected locations were still unable to serve a full menu.
KFC’s distribution failure could have been prevented with a deeper understanding of potential bottlenecks and risk when making key supplier transitions. Ultimately, cost-cutting maneuvers backfire when supply chain leaders do not use holistic supplier intelligence to calculate impact and develop contingency plans.
Nokia vs Ericsson
The story surrounding an unplanned disaster affecting both Nokia and Ericsson is often told as a cautionary tale on supply chain resilience, as it presents a real-life experiment of how contingency planning combined with proactive communication can make or break a firm’s trajectory. Philips, an Albuquerque, New Mexico-based microchip plant, was a key supplier for both Nokia and Ericsson, but when a fire broke out at the facility, the companies took two very different paths.
Nokia moved quickly to secure remaining supply at both the Albuquerque plant and others. What’s even more impressive is that their team re-engineered their phones so that chips from other global suppliers in the US and Japan would be compatible.
Ericsson, on the other hand, was assured the impact of the outbreak would be short-lived and notice of the fire didn’t even reach top leadership until it was too late. Philips was a single-source supplier for the firm, and by the time the news circulated, Nokia had already snatched up any remaining supply. Consequently, about $1.6 billion was lost to Ericsson’s mobile phone division, with $400 million lost in sales.
Effective supplier intelligence not only allows for swift cross-functional collaboration, but it also ensures that contingency plans can be successfully executed. Nokia was able to not only pass information quickly up through the organization, but their teams proved agile enough to even redesign their core product. With such quick turnarounds, they could also locate and secure supply from alternative sources.
These are certainly not the only supply chain mishaps and disruptions. Others such as the attack on software provider SolarWinds and most recently, the contamination of Western Digital’s flash storage supply prove that deeper insights from a myriad of premium data sources coupled with seamless case management tools are the foundation of a resilient supply chain and ultimately, a company’s success.
Learn more about Craft’s supplier intelligence platform here.