Australian businesses are overconfident regarding supply chain risks, research by advisory firm McGrathNicol and market research business YouGov warns.
A survey of 300 Australian board-level and C-suite leaders for the Uncovering Risks in the Supply Chain report found 97 per cent are very or somewhat confident in their organisation's ability to respond to supply chain risks.
However, 75 per cent say their organisation has faced challenges in trying to address supply chain risks.
Limited transparency and inability to source appropriate data on the supply chain was the most common reason for challenges (34 per cent).
The report also found that organisations’ supply chain risk management programs were lacking.
While financial risk is well covered by programs (57 per cent), other significant threats, including cyber (27 per cent), counterparty (27 percent), geopolitical (26 per cent) and personnel risk (25 per cent), are typically not included.
Too often, mapping threats to a business’ modern supply chain is seen as a daunting, time-consuming task, with 75 per cent of executives saying their organisation has faced challenges when trying to do so.
Third-party cyber risks misunderstood
The report found that third-party cyber risks are misunderstood as many businesses think a global supply chain attack won’t impact them.
64 per cent of businesses rank cybersecurity as the second greatest challenge to their organisation (behind financial performance), but underestimate the likelihood or impact of an attack on their third-party suppliers to their business.
Just one in six (16 per cent) predict cyber risks will increase and impact their organisation over the next 12 months.
Over two thirds (68 per cent) of organisations that haven’t updated their risk management programs in the past two years, state the reason being: “suppliers are responsible for understanding and managing their own risks."
"The attitude, that supply chain risks are someone else’s problem, is no longer good enough," the report stated.
"Australian regulators like ASIC and APRA are increasingly holding organisations, their Boards, and Directors, responsible for managing all risks associated with their business’ supply chain, including cybersecurity and data protection concerns."
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
