A recent global cyberattack on businesses – which seriously disrupted the information systems of two major international logistics service providers – highlighted the growing potency of that particular risk to supply chain operations in Asia and worldwide.

The scale of the threat to supply chains posed by such attacks became even more apparent when it was revealed that customers of at least one of those providers were still experiencing problems a month later, prompting an industry organization representing smaller businesses to warn such disruption could even threaten the survival of some companies.

However, while cyberattacks currently generate the biggest headlines, they are just one element in a constantly changing array of risks to supply chain continuity which need to be managed by all the players involved.

The diversity of those threats was highlighted in an assessment of the latest general pressures on supply chains globally published by the Chartered Institute of Procurement & Supply (CIPS), a worldwide organization representing purchasing and supply managers.

According to the CIPS Risk Index for Q1 2017, global supply chains are, for example, increasingly being disrupted by military conflicts and ideological battles around the world. Meanwhile, recent risks to supply chain continuity, specifically in the Asia-Pacific region, range from demonetization in India, difficulties transferring cash out of China and social unrest in Bangladesh to the impact of the cyclone season in Australia and New Zealand.

That assessment, powered by worldwide data and analysis provider Dun & Bradstreet, was published in late May. A month later, on June 27, global shipping and logistics group A.P. Moller-Maersk, which includes container shipping line Maersk and port terminal operator APM Terminals, and TNT Express, the international express/freight transport company now owned by FedEx, were among a range of companies around the world to be hit by a cyberattack on their information systems.

The seriousness of that attack was highlighted by the fact that Maersk was still issuing customer advisory notices about continuing issues with its systems four weeks after the event. On July 25, for instance, it stated: “As we clear the last parts of the backlog and serve your new business, we acknowledge that you may still encounter some data quality inconsistencies and delays in response times in some locations.”

Similarly, FedEx reported on July 17 that while as of that date most TNT services were available again, “customers are still experiencing widespread service and invoicing delays, and manual processes are being used to facilitate a significant portion of TNT operations and customer service functions.”

The company went on to state: “We cannot yet estimate how long it will take to restore the systems that were impacted, and it is reasonably possible that TNT will be unable to fully restore all of the affected systems and recover all of the critical business data that was encrypted by the virus.”

One insight into the extended repercussions of those events for some of the companies using TNT to support their supply chain was provided by the United Kingdom’s Federation of Small Businesses (FSB) in a statement issued on July 27 in which it voiced “serious concerns” over the continuing impact.

Mike Cherry, the FSB’s national chairman, added: “There are small businesses in a total state of paralysis, a month on from the attack, because their business relies on transporting goods through TNT. For a small business, this kind of disruption can be crippling and threaten their survival.”

The impact of cyberattacks on supply chain operations is compounded by the fact that in many cases, service providers are reportedly unable to get full insurance cover for such risks.

That issue was highlighted by Emma Howell, group marketing manager, Seatrade portfolio, ahead of the biennial Seatrade Offshore Marine and Workboats Middle East exhibition and conference in Abu Dhabi at the end of September, which will include a particular focus on information technology protection and cybersecurity in the maritime industry.

Howell suggested that when it came to ransomware attacks and information technology meltdowns in that industry, insurance providers had yet to close all the gaps in their policies, leaving shipping companies at even greater risk and facing huge financial losses.

“Most insurance policies have cyberattack exclusion clauses, for property damage and business interruption, and this exposes shipping companies and ship owners to huge risks,” she said. “We have seen some response from the insurance industry, but until comprehensive products are rolled out, the responsibility of backing up systems, protecting data and ensuring a network is robust and secure very much remains with the shipping company and ship owner.”

Meanwhile, the CIPS Risk Index for Q1 2017 revealed that prolonged military conflict is continuing to create supply chain no-go areas around the world, cutting off local businesses and consumers from global markets.

One example, it stated, was the conflict between Ukraine and separatist rebels in the east of that country which “continued to hinder both physical and digital supply chains.” Elsewhere, civil wars in Iraq, Libya, Syria and Yemen were disrupting traditional land-based supply chains across the Middle East. “The conflicts look likely to continue disrupting supply chains beyond 2017.”

On the ideological front, the index said Q1 2017 had seen an escalation in the conflict between globalization and economic nationalism, with the visit of British Prime Minister Theresa May to the US White House in January 2017 seen as symbolic of the shift in emphasis from multilateral to bilateral trade deals.

Commenting on specific risks to Asia-Pacific-region supply chain operations, the index claimed the Indian government’s unexpected decision in late 2016 to withdraw 86% of the country’s cash (demonetization) as part of a crackdown on the use of counterfeit money had left businesses struggling to pay suppliers and workers. “Combined with prolonged congestion at major Indian ports, India has helped to push global supply chain risk upwards.”

The index report also suggested that another source of increased risk to Asia-Pacific-region supply chains was China’s implementation of exchange controls at the end of last year which prevented foreign businesses from transferring cash outside of the country. “The controls make routine activity such as royalty payments difficult and pose a significant risk to businesses with supply chains in the region.”

Summarizing overall prospects for supply chain risk worldwide, Bodhi Ganguli, lead economist for Dun & Bradstreet in New York, said that while the global economy was currently settling down, there remain a range of threats which could flare up.

“From the fanning of protectionist inclinations by the rise of right-wing populism to a one-off hit to supply chains from North Korean aggression, global supply chains and cross-border business strategies must remain cognizant of these risks,” he said.

By Phil Hastings

Correspondent | London