IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
Australian businesses underestimate risks to supply chain
Mon, 16th Oct 2023

Research released by McGrathNicol Advisory warns Australian business leaders of overconfidence regarding supply chain risks. 

McGrathNicol Advisory has released new research into the understanding and attitudes of Australian business leaders towards risks within their supply chain, warning that a large majority of companies are perhaps unprepared for future threats. 

In partnership with YouGov, the research surveyed 300 C-Suite executives and Board-level directors across Australian businesses with 50 or more employees. The findings show surprisingly high confidence from business leaders; nearly all (97%) are very or somewhat confident in their organisation's ability to navigate the supply chain risks. 

McGrathNicol suggests this confidence may be driven by an underestimation of future risks, a narrow perception of the supply chain, and a misinformed assumption that geopolitical issues, cyber threats, trade disputes and other risks are not a significant concern for their organisation.

For example, only 16% of Australian business leaders believe that geopolitical risks will have an enlarged impact on their supply chain in the next 12 months. And despite consecutive years of front-page, high-profile cyber breaches, 84% do not believe cyber threats will pose more of a risk to their supply chain in the coming year.

Matt Fehon, Head of Advisory, McGrathNicol Advisory, says, "Australia completely depends on local and international supply chains and digital networks. Australian businesses have their heads in the sand if they don't think that conflicts, cyber-attacks or trade disputes, whether locally or internationally, will affect them."

"Geopolitical tensions or natural disasters are just as likely to shut down an essential offshore software development team or call centre as they are to disrupt physical supply chains like shipping lanes and ports." 

"We believe this data shows that business leaders have not grasped the impact that global events such as US and Taiwanese elections, the Hamas-Israel conflict and other regional disruptions, will have on their ability to do business," says Fehon.  

Business leaders have an outsized confidence in their approach to navigating future risks. 53% of surveyed executives said they are very confident in their organisation's ability to deal with future threats to the supply chain, with 94% reporting that they have at least a high-level awareness of their organisation's supply chain risk management program. 

However, this confidence isn't reflected in the risk management programs themselves. Although financial risk is well covered by organisations' supply chain risk management programs (57%), other significant risks, including cyber risk (27%), counterparty risk (27%, geopolitical risk (26%), supply chain risk (26%), and personnel risk (25%), are less likely to be considered.

Matt Fehon says: "While business leaders are highly confident in their organisation's approach to managing supply chain risks, it's clear that this is being driven by a narrow perception of what the supply chain is and what risks they need to prepare for." 

"Modern supply chains are more than just ships and trucks. We need to update the definition of a supply chain before we can confidently say that we can manage these risks effectively."

Most Australian business leaders (92%) know that the Security of Critical Infrastructure (SOCI) Act requires organisations to develop a risk management plan that comprehensively covers supply chain risk. Still, more than one in four (27%) say theirs has not been updated in the past two years. This is perhaps understandable, given that many executives (75%) say they've encountered challenges when addressing supply chain risks.

The most common challenges include limited transparency and the inability to source appropriate data on the supply chain (34%), an assumption that the procurement team, logistics team, or suppliers are protecting the organisation's interests (33%), apathy (31%), and lack of awareness and understanding due to limited or no supply chain expertise (30%).