Firms urged to invest in supply chain security

The loss from a security breach of just one shipping container could cost companies up to $1 trillion, according to an alarming new report from Deloitte Touche Tohmatsu.

The report bases this estimate on the fact that the cost of cyber attacks against companies worldwide reached US$12.5 billion in 2003. In 2002, a single case of mad cow disease in 2002 cost the Canadian beef industry US$2.5 billion.

The study Prospering in the Secure Economy, shows that this issue is increasingly becoming a focus for companies who see supply chain security as a necessary investment. As a result, the essence of security for companies has expanded from primarily protecting assets and people to anticipating every eventuality, from the spread of a computer virus to an act of terrorism.

The premise of the report therefore is that there is an embryonic new "secure economy" evolving, characterised by greater vulnerability to business disruption, increased awareness of threats, regulatory compliance, and an expanding ability to respond rapidly to change.

The inference is that companies that do not adapt to new global trading conditions will struggle.

"Global business organisations are now squarely in the front line when it comes to protecting their supply chain, their data, their brand, and their very existence," said Jerry Leamon, Deloitte global managing partner for clients & markets.

"If companies don't take steps to protect their employees, customers, shareholders, and society from the risks now inherent in their businesses, they also risk more costly mandated government regulations.

"In the new secure economy, CEOs are not only asking themselves how they can increase shareholder value but, increasingly, 'What can destroy our brand?'"

There are of course many opportunities to disrupt a global supply chain in an interconnected global economy. Companies therefore need to move beyond compliance with local government security measures to ensure that their full range of operations continues without disruption.

There are additional benefits. Security investments can drive efficiency into the supply chain; according to Deloitte, one major private-public supply chain initiative generated cost savings of between US$378 and US$462 per shipping container.

This is a point driven home by proponents of RFID (radio frequency identification) technology. Suppliers are under intense pressure from retailer mandates to install the technology, eager to protect their brand name against any possible tampering.

"Companies view risk to their brands as their single biggest business hazard," said Greg Pellegrino, Deloitte's global public sector industry leader and a senior advisor to the study.

"If customers lose faith or trust in a company, it can threaten the very survival of the organisation."

However, some experts believe that suppliers also ultimately stand to benefit from the introduction of RFID. For example, these tags can track the location of containers and products at any point along the supply chain, helping to reduce costly excess inventory.

The Deloitte report also urges governments to assume a greater role in offering incentives to the private sector to invest in security. For example, Initiative D21, a German public-private initiative, promotes cooperation on IT security and other threats.

Several public-private partnerships are already under way to improve food safety and security. In Australia, for example, a joint venture tracks individual animals from birth to slaughter.

But what is really needed is the establishment of global standards over supply chain security. These are beginning to emerge through international groups such as the World Customs Organisation, which has helped to simplify incompatible country-specific security requirements.

For example, the International Ship and Port Security Code (ISPS) went into effect in July 2004 applying to all vessels over 500 tons engaged in international voyages.

"Businesses have the opportunity to turn compliance with new security regulations into business value," said Leamon.

"Government can be a facilitator by providing incentives to invest in security and, wherever possible, working to ensure that multinationals are not forced to comply with incompatible country-specific security requirements."

Deloitte Touche Tohmatsu is a Swiss-based Verein (association) of member firms that specialise in audit, tax, consulting, and financial advisory services. It claims to serve more than one-half of the world's largest companies.