By 2025, 60% of supply chain organizations will use cybersecurity risk as a significant determinant in conducting third-party transactions and business engagements, according to Gartner. As the surface area of digital supply chains expand, enhanced cybersecurity is a key theme that Chief Supply Chain Officers (CSCOs) will look to scale this year.
“Our survey data has shown an aggressive stance among CSCOs who are looking to invest in growth through multiple new technologies,” said Brian Schultz, Senior Director Analyst in Gartner’s Supply Chain Practice. “However, each new technology introduces new partners, vendors and service providers into the digital supply chain. The implication for cybersecurity risk is an ever-growing number of new pathways to potential attacks from malicious parties.”
Gartner surveyed 499 supply chain leaders between October and December of 2022 and identified the top supply chain technology trends for 2023. On average, respondents indicated that 73% of their supply chain IT budgets will be allocated to driving business growth and enhancing performance.
Based on the survey data, Gartner projects that one third of supply chain organizations will utilize industry cloud platforms by 2026 and predicts rapid growth in the use of composable application architecture, both of which will primarily rely on the use of external vendor support.
“CSCOs are under pressure to reduce costs, mitigate external disruptions and keep up with a rapidly changing technology landscape,” said Schultz. “In evaluating new technologies to drive growth and manage costs, a revamped approach to third-party risk assessment will be necessary to inform buying decisions, as a successful cyberattack on the supply chain is almost unique in its position to undo nearly all of the key objectives of CSCOs this year.”
CSCOs Under Scrutiny
CSCOs’ focus on cybersecurity is being driven by more factors than just an increasingly digital supply chain. Concerns about digital supply chain vulnerabilities are coming from C-Suite partners, boards, government regulators and customers. The result is to put CSCO’s cyber-resilience policies under the spotlight like never before.
According to Schultz, CSCOs will need to revamp their third-party risk assessments of outside partners as part of a larger cybersecurity program with clear standards developed in collaboration with risk owners across the C-Suite, including the CIO, CISO and internal audit. The standards in the plan should specifically address:
- Up-to-date third-party cybersecurity standards
- Mechanisms for enforcement of these standards in contractual language via executed and amended contracts
- The development of an audit program to enforce the supply chain cybersecurity plan
“A supply chain cybersecurity program will play a significant role in future buying decisions and third-party risk mitigation,” said Schultz. “In addition, regular audit data from a supply chain cybersecurity program can serve as key performance indicators that can be reported to the board, auditors and business partners.”