The threat that cybercrime poses to supply chains has increased in recent years. As a result, a growing number of companies are addressing the potential risks and taking security measures. The focus has shifted in particular to the security of customer and employee data. This shift is reflected in the results of the 16th Hermes-Barometer, titled “IT and Data Security in the Supply Chain”, by Hermes Germany, a survey conducted among 150 logistics managers in German companies.
According to the survey, 13 percent of the companies surveyed have already been affected by disruptions or failures in the supply chain due to IT security incidents. Further, as many as half of the decision-makers surveyed (51 percent) see IT security problems such as hacker attacks or computer viruses as the greatest threats to their own supply chain, an increase of ten percent compared to 2017. “Digitization is becoming increasingly important in making supply chains more resilient and also more efficient. At the same time, decision-makers are more aware of the growing threat posed by cybercrime,” says Moritz Gborglah, Division Manager and digitalization expert at Hermes Germany, explaining the results.
Security of data and data transfers in the spotlight
According to the survey results, data and data transfer are particularly sensitive corporate areas within the digital supply chain that require effective protective measures. More than half of the logistics managers surveyed (56 percent) see a particularly high risk potential in unauthorized access to customer and employee data. For 41 percent of interviewees, the automated exchange of data with suppliers and partners is particularly vulnerable to possible attacks; for larger companies, this figure is as high as 53 percent. By contrast, only approximately one-third of respondents consider the use of online payment systems and online retailing (39 percent each) as well as IT-supported warehousing (32 percent) to be particularly at risk from potential IT security incidents.
Confidence in own security mechanisms is strong
At 72 percent, almost three-quarters of the logistics decision-makers surveyed believe that they have the necessary expertise within the company to limit the threats to their IT systems to an acceptable level. The larger the company, the greater the confidence in its in-house defense mechanisms. Three-quarters of companies (78 percent) fall back on internal IT departments for this purpose. Only seven percent of respondents, on the other hand, rely on internal cybersecurity experts to optimize IT security. “Exclusively securing the company’s own IT environment is not sufficient within a global supply network,” Gborglah said. “With increasing networking, we recommend that companies also keep an eye on the systems of their cooperation partners. Transparency in the supply chain plays a central role in this context.”
Risk factor supply network: Need for optimization of transparency
58 percent of panellists expect to be increasingly affected by security incidents involving cooperating companies. While 48 percent claim to have comprehensive information regarding the IT security systems and measures of their supplier companies (in 2017, this figure was 34 percent), only 33 percent of larger organizations with 250 to 1,000 employees report the same. “Larger organizations are often even more widely interconnected. Thus, being informed about all measures within the network is still a major challenge for companies,” Gborglah states.
Effective technologies and measures to avert risks
For 67 percent of respondents, securing the company network against data leakage is a top priority. The encryption of network connections and e-mails is considered particularly effective by 57 percent of participants. Expectations regarding the positive effects of information and training for management and employees have increased: whereas in 2017 only 25 percent of decision-makers recognized a high level of effectiveness, today this figure has risen to 42 percent. Among larger companies employing between 250 and 1,000 people, the figure has even risen from 29 to 67 percent.
At this point, active supply chain risk management (SCRM), combined with the use of supply chain management (SCM) software to ensure transparency in complex supply chains, still plays a subordinate role for the companies surveyed. While 42 percent of those responsible prioritize the implementation of emergency plans, the figure for the introduction of SCRM stands at 21 percent. Twelve percent of respondents believe that the use of SCM software helps to increase IT security.
Potential of established practices insufficiently exploited
These figures are surprising, since the design of emergency measures is an important field of action within holistic SCRM. In addition, smaller companies in particular benefit from the implementation of supply chain risk management, digital monitoring, and software-supported access logging, which cloud-based SCM software makes possible. “Responsible parties do not seem to be fully aware of the great potential of proven mechanisms and technologies and, as a result, underestimate their effectiveness in terms of improving IT security in the supply chain,” says Moritz Gborglah. Yet it is precisely such mechanisms and systems that can create transparency and thus lay the foundation for improved IT and data security, according to security expert Gborglah.