When I first started writing about supply risk and supply disruptions a decade ago, I placed almost my entire emphasis on the consideration of the topics in manufacturing environments. Yet in industries such as financial services, IT/communications, logistics/transportation and even the public sector, supply chain risk management is just as important. But the causes and types of disruptions are often quite different. Consider financial services, for example, where natural disasters and product quality can have entirely different consequences on the "virtual goods" supply chain. According to BCI's latest analysis of trends in supply chain disruptions, the top three leading sources of disruption were as follows: 1) unplanned outage of IT or telecom systems; 2) adverse weather (windstorm, flooding, snow, etc.); and 3) Cyber attacks (malware, denial of service, etc).
This last disruption type is fascinating because cyber attacks (and cyber theft) are on the rise in manufacturing environments as well. Yet the risk they pose there is certainly more along the lines of IP theft than causing potential disruptions. We know by talking to various manufacturing insiders in the IT community and security experts that China and Brazil are the two worst culprits for breaking into systems and stealing confidential business information (China operates in a league of its own in this regard). Nearly all of the really salacious stories don't make the headlines though (and in many cases, companies don't know they've been attacked or breached until private third parties or three-letter agencies reach out to tell them).
From what we've heard from insiders, at least a significant portion of the top 50 discrete manufacturers in the US have had their systems breached by Chinese government employees or those working on behalf of the Chinese government or state-owned companies in recent years -- often on an ongoing basis. Perhaps going forward, should China ever act to flex its competitive trading muscles in new, manipulative ways, perhaps we'll see disruptions in manufacturing based on their knowledge of our corporate IT environments. It happened in Iran, and it could happen here. Perhaps the biggest question we must confront is what our government's response will be -- military or otherwise -- if China begins to not just break into systems and steal information, but attempts to disrupt commerce.