Supply chain recruitment firms should start headhunting candidates who appreciate the crucial role of cyber security throughout the supply chain, two supply chain management experts have suggested in an article for the prestigious ‘Harvard Business Review’.

The study was carried out by Zac Rogers (Assistant Professor of Supply Chain Management at Colorado State University) and Thomas Choi (Professor of Supply Chain Management at Arizona State University’s W. P. Carey Business School). Their findings concluded that more than 60% of cyber-attacks on publicly traded US firms last year arose from the IT systems of suppliers or third parties, including contractors.

They recommend that professionals holding procurement jobs and supply chain jobs in organisations must stop failing to consider the cyber-security measures of vendors. Instead, this should become a priority in selecting top-drawer suppliers. These professionals will need to work closely with colleagues in IT departments to realise this practically. Cybersecurity measures adopted by suppliers should be seen as intimately connected to quality and delivery performance: if they can’t make the grade in security, decision-makers in supply chain jobs should be permitted to close the relationship.

The authors also recommend that, with input from IT colleagues, procurement pros should limit suppliers’ access to the buying company’s IT systems far more stringently. Suppliers should be divided into segments depending on which of them need access to which parts of the buying company’s systems. Those who need relatively deep levels of access should be categorised as ‘A-Level’, with supply managers ensuring that they’re properly monitored and credentialed.

Rogers and Choi suggest that security can be tightened further by supply managers working with their equivalents in competitor firms to devise industry-level standards with which all suppliers would have to comply.

They write: “Procurement must be put on the front line in the battle against cyberattackers. They must be empowered to take cybersecurity as seriously as they now take quality, sustainability, and dependable delivery. They can and must play an important role in the effort to keep companies safe.”

To find your next interim procurement or supply chain role click here