A company's supply chain is an integral and sometimes complicated part of its business.
As companies optimize their supply chains using interconnected technology, the cyber risk of disruption and lost business multiplies. Where a third-party supplier is connected to a company's systems, a compromise at the supplier can disrupt the company's business or allow a direct attack on the company.
Recent cyber incidents in 2013 at Target and 2014 at Home Depot demonstrated how a compromise at a smaller third-party vendor allowed thieves to steal millions of customer's data, including payment cards. While those events involved theft of data, the risk to physical assets is growing.
Discussed below are more practical means of risk assessment; evaluating a company's ability to respond to a disruption in its supply chain. In other words, evaluate its robustness and responsiveness.