Global Logistics: No Shortcuts to Security

Months before the infamous malware attack known as “Petya” hit Maersk, Fedex and other logistics companies in June, commercial insurer Allianz Global Corporate & Specialty (AGCS) warned logistics and supply chain managers that breaches in cyber security were of utmost concern. As stated in its annual “Safety & Shipping Review 2017,” the threat of cyber attacks continues to be real—and quite significant.

Prior to the Petya event, most violations of proprietary data had been aimed at breaching corporate security rather than taking control of a vessel or plane. Fortunately, the response by a handful of high-tech shipping specialists kept the episode from becoming a global catastrophe. For logistic managers, the lesson learned is that mitigating risk in this arena now needs to be a primary and ongoing goal.

“Many more enhancements to existing legacy IT networks are essential,” says Captain Andrew Kinsey, senior marine risk consultant at AGCS.

Safety-enhancing technology is already making an impact on shipping—from electronic navigational tools to shore-based monitoring of machinery and crew welfare. Technology has the potential to significantly reduce both the impact of human error—which AGCS analysis shows accounted for approximately 75% of the value of almost 15,000 marine liability insurance claims over five years, equivalent to more than $1.6 billion—as well as machinery breakdown.

Despite this progress, however, shippers are urged to keep their guard up. “The global logistics marketplace is entering a period of considerable change and unrest from economic pressures, technology and political factors,” warns Kinsey. “There’s a perfect storm brewing of increasing regulation and narrowing margins.”

Investment picture

Meanwhile, many analysts suggest that public sector logistics managers encourage their CIOs to benchmark against free market industries to mitigate risk.

According to a global survey of CIOs by Gartner, top performing organizations in the private and public sectors, on average, spend a greater proportion of their IT budgets on digital initiatives (33%) than government organizations (21%). Looking forward to 2018, top-performing organizations anticipate spending 43% of their IT budgets on digitalization, compared with 28% for government CIOs.

Gartner’s “2017 CIO Agenda” survey includes the views of 2,598 CIOs from 93 countries, representing $9.4 trillion in revenue or public sector budgets and $292 billion in IT spending, including 377 government CIOs in 38 countries. Government respondents are segmented into national or federal, state or province (regional) and local jurisdictions, to identify trends specific to each tier.

Rick Howard, research vice president at Gartner, says that 2016 proved to be a watershed year in which frustration with the status quo of government was widely expressed by citizens at the voting booth and in the streets, accompanied by low levels of confidence and trust about the performance of public institutions.

“This has to be addressed head on,” says Howard. “Government CIOs in 2017 have an urgent obligation to look beyond their own organizations and benchmark themselves against top performing peers within the public sector and from other service industries. They must commit to pursuing actions that result in immediate and measurable improvements that citizens recognize and appreciate.”

Howard adds that one of the challenges most government CIOs face is the age of their legacy business applications. “Gartner’s survey data indicates that—depending on tier of government—51% to 60% of government core business applications were implemented between 1990 and 2009,” he says. “Top performing organizations in the private sector report 42% of their core business applications date from the same time period.”

Howard observes that this “aging portfolio” of government systems and applications make them increasingly expensive to modernize. Furthermore, they present a growing risk from a security standpoint and are a barrier to digital innovation.

“If recent reports in the media are accurate, then it appears the Trump Administration is committed to addressing the cyber security vulnerabilities of federal systems,” says Howard. “This could serve as a catalyst to modernize or replace legacy systems at a faster pace than in the past.”

Financial health

RapidRatings, a leader in “financial health” analytics for public and private companies, continues to track the trend of investment in risk management technologies across all industries and business areas. Along with several prominent industry analysts, they note the increasing role of board level and operational professionals’ interest in risk management has accelerated growth in the predictive analytics market—one that’s expected to reach $9.2 billion by 2020.

“We challenge leading commercial, industrial and financial services firms around the world to build business relationships founded on new standards in financial transparency,” says James Gellert, chairman and CEO of RapidRatings.

The company’s proprietary Financial Health Rating (FHR) is a predictive analytic represented by a 0-100 score that reflects a company’s current financial health and predicts its future condition by projecting its long-term financial viability, short-term resiliency, and probability of default.

RapidRatings’ analysis relies solely on financial statements to deliver what it describes as “a tailored and unbiased outlook” about the financial health of a company’s public and private third-party logistics partners. This group includes carriers, suppliers, vendors and securities issuers.

“Unlike traditional methods of using payment history, data aggregation, or market inputs to predict a company’s future performance, the FHR’s forward-looking analysis allows companies to identify financial decline 12 months out and beyond,” says Gellert. “This gives logistics managers a new set of forecasting analytics to work with.”

Currently, clients and expanded existing relationships in multiple industries include financial services, insurance, aerospace & defense, manufacturing, automotive, biotech, energy, food and beverage, financial services and retail.

Logistics managers might have found some comfort in knowing that Maersk is judged as a “medium risk” player it the ocean cargo industry, says Gellert. “Had a serious cyber attack been launched on Hanijn two years ago, it would have hastened that company’s bankruptcy,” he adds. “So, we not only want to help shippers avoid weak supply chain partners, but also identify the strong ones who can be integrated into that transport ecosystem.”

Political exposure

Current events chronicling abuses by supply chain partners is also creating anxiety, says Amber Road, a provider of cloud-based global trade management (GTM) solutions. As a response, the company recently added advanced politically exposed persons (PEPs) lists to its Global Knowledge database.

In addition to being a comprehensive database of government regulations and international business rules, Amber Road’s Global Knowledge is designed to automate restricted party screening (RPS) processes to vet customers, suppliers and other trading partners against 570+ restricted party lists sourced from government institutions worldwide.

Ty Bordner, vice president of solutions consulting for Amber Road, says that this initiative was generated by logistics managers desiring another layer of security. “For a variety of reasons, there’s a lot of apprehension in the marketplace these days,” he says. “The consequences of doing business with the wrong people can be dire.”

To ensure that businesses do not engage in bribery to obtain or retain business, many countries around the world have passed anti-corruption laws, such as the U.S. Foreign Corrupt Practices Act, the UK Bribery Act, the Canadian Corruption of Foreign Public Officials Act, Chinese Anti-Corruption Laws and more.

Some of these laws don’t distinguish between small and large bribery payments, thus prohibiting any facilitation payments. With that in mind, the PEP screening is a risk-assessment tool to help businesses protect themselves from the regulatory, reputational and economic risk associated with these types of laws.

A PEP is defined by the Financial Action Task Force as “an individual who is, or has been entrusted with a prominent public function.” Due to their position and influence, it’s recognized that many PEPs are in positions that potentially can be abused for the purpose of committing money laundering offenses and related predicate offenses, including corruption and bribery, as well as conducting activity related to terrorist financing.

“Although persons or entities identified by PEP screening do not imply wrongdoing of any kind, PEP screening against official governmental sourced information allows businesses to be fully informed and vigilant during their global decision making processes,” adds Bordner.

Climate change

In the wake of the U.S. pullout of the Paris Climate Accord, some weather experts are expressing even more concern about future climatic “events.” Indeed, new information has recently surfaced on the impact of extreme weather on supply chains.

According to Nick Wildgoose, global supply chain product manager for Zurich Insurance Group, nearly 80% of corporations are not even checking their supply sites for exposure to natural catastrophe risks, leaving them vulnerable to future supply chain disruptions. To make matters worse, supply chain disruptions due to extreme weather have increased 29% since 2012, according to research from the Business Continuity Institute conducted in collaboration with Zurich.

“Our analysts discovered more than 50 incidents last year,” says Wildgoose. “This can not only lead to lower profits, but brand erosion. That should be a serious concern, because it means that you’ve let a client down.”

Zurich suggests that logistics managers look into an “all risk” policy to address weather-related events, but offers other cost-efficiency tools that represent another tool in your risk mitigation kit. “One set of risks may be worse in the food industry—floods, for example—than the microchip industry,” says Wildgoose. “In the high tech manufacturing sector, earthquakes may be more of a concern.”

Besides choosing the right insurance portfolio, Wildgoose encourages shippers to establish new protocols related to alerting suppliers. For example, he encourages companies to relocate to exactly where their critical suppliers and logistics hubs are based in advance.

“Because many extreme weather events are often known in advance, it’s critical to know which of your supplier nodes will first feel the impact,” says Wildgoose, adding that even after key suppliers have been mapped out, procurement teams only have a limited amount of time to execute a plan to minimize risk.

“Well before the proverbial—or literal—flood waters rise, companies need to determine what business continuity measures can be implemented to avoid damage and what inventory can be moved ahead of the weather to avoid monetary loss,” says Wildgoose.

Finally, there’s the triage issue, whereby critical suppliers are the ones who receive the first alert. “To best prioritize risk management when facing adverse weather, companies should focus first on those partners who play the most important role in the logistical network,” Wildgoose adds. “These may also be companies who support your most profitable products and services.”