Early in the pandemic, when companies and people were feeling blindsided by current events, we all just wanted to return to normal. Normal schooling, normal workplaces, normal grocery shopping; in other words, living our lives without masks or hand sanitizer or fear of imminent illness.

But what if returning to normal is exactly what we don’t need? Perhaps our communal shift to staying home when sick will help lessen the spread of cold and flu. Grocery delivery is certainly a convenient option for keeping stores less crowded, saving time on busy workdays and reducing the number of cars on our roads. And many employees are enjoying the flexibility associated with working from home. In fact, maybe these things aren’t silver linings, but bright neon signs demonstrating that past practices just aren’t serving us anymore.  

Pandemic response

Pandemics have been predicted for decades, and they’ve happened before. But the lack of adequate planning has made it clear that conventional methods of risk management are flawed. Joseph Fiksel is professor emeritus, The Ohio State University, and was an expert on the panel that advised the joint effort between the Economist Intelligence Unit and the Association for Supply Chain Management (ASCM). He says traditional risk management works when supply chain organizations understand the magnitude of a disruption, but true resilience can only be achieved when the total risk landscape is understood.

ASCM/EIU expert panelist Bindiya Vakil is the CEO of Resilinc Corporation, a supply chain risk management product that maps organizations’ global supply chains, collects data and supervises their sites. Resilinc has software in place to monitor interruptions: They picked up what was going on in Wuhan, China, in December 2019 — months before COVID-19 was officially designated as a pandemic. From there, they evaluated 1,200 of their clients’ suppliers to determine how ready they were for a potential pandemic as of January 2020: More than 75% of them had not tested their pandemic plans or refreshed them for over a year. Many didn’t have a pandemic plan or a point person to handle processes. Organizations would be scrambling.

Martin Caddick, partner, MERC & CO LLP, and another contributor to the ASCM/EIU benchmark, points out, “In the current world, risk management relies on impact and probability.” Priority is given to the disasters most likely to occur. But it’s difficult to assess the likelihood of many events — including pandemics.

That’s the thing about the resilience industry, Caddick says. All that planning is a reaction to something else. In a few years, everyone will have plans about pandemics, he predicts. After the IRA bombings and the September 11 attacks, organizations across the world addressed potential terrorism by planning responses; but that is simply reactive. To build resilience, he cautions, organizations need to learn the lessons from a major incident such as COVID and generalize those lessons.

Case in point: Few would have imagined a massive container ship blocking traffic and trade for a week, to the tune of nearly $10 billion dollars. Of course, that’s exactly what happened when the Ever Given got stuck in the Suez Canal in March 2021. That threat may have been more localized and shorter in duration than the pandemic’s effects, but it’s still another red flag that globalization means the potential for many more, and bigger, disruptions.

So, if experts agree that a pandemic is unlikely to be the next disaster to affect global supply chains, what are they concerned about?

Social unrest

One immediate threat to supply chains is social unrest, in all its forms. Threats to community stability is occurring all over the world: wars, civil disturbances, and widespread protest have disrupted the global supply chain. Knowing where suppliers are located and how alternatives can be obtained will be critical for dealing with an urgent social or political crisis.

In addition, these events are causing many companies to reevaluate their diversity and hiring practices, making social justice an integral part of business strategy. Equity is “not just a moral imperative,” Fiksel says. “Inclusivity and diversity are critical for having a resilient workforce. A homogenous workforce creates groupthink and blind spots.”

But building resilience and creating a socially equitable workforce isn’t easy, admits Deirdre White, CEO of global nonprofit PYXERA Global and ASCM/EIU benchmark expert. They require difficult conversations and acknowledging the brokenness of the system. “Addressing that head on is really hard,” she says.

Further, it’s not just about what your company is doing; visibility down the supply chain is also crucial for making changes stick. “Regulatory change is all about having a collaborative dialogue about what is important to you,” Vakil says. “Sustainability policy, a code of conduct for supplier, assessing how well the company is in compliance. You must work with suppliers and educate them about how they’re not compliant. You may need to create awareness with suppliers who may not be enlightened about the issues you care about.”

And they need to follow through. Caddick notes that many companies have “talked a good fight” when it comes to ethics, but then have been caught using child or slave labor. “You can’t ignore that sort of thing,” he warns. “You need consistency throughout your organizations, no matter where your factories are. Otherwise, you’re setting yourself up for a bad reputation and unhappiness within the workforce.”

Cybersecurity

While it’s clear that the past 18 months have laid bare the shortcomings many supply chains maintained in managing the risk of a pandemic, another challenge that has been upending organizations for years is cybersecurity. Experts on the benchmark agree that cybersecurity is one of the biggest threats to maintaining a functional supply chain.

Last spring, an estimated 100 companies, including Microsoft and Intel, and a dozen government agencies, including the Justice department and the Pentagon, were affected by a Russian intelligence service’s hack of the SolarWinds security software. This kind of attack puts organizations — and their customers — at serious risk of privacy breaches, identity theft and worse.

Vakil advises companies on the type of processes supply chains should put in place to prevent disruptions from cybersecurity threats. She points out that many cybersecurity breaches are kept confidential, so the effects may be even worse than what the public or leadership realizes.

“Unfortunately, apart from monitoring your supplier system yourself, you have to rely on your supplier [to be forthcoming about any breaches]. That’s why companies need to work with suppliers: identify who is the most critical, where are they touching your system, are they correctly certified?” Vakil says. “Are they continuously doing threat assessments, penetration testing on their systems on an ongoing basis?”

A June 2020 report by McKinsey & Co. supports this argument: “Until recently, financial firms were the primary targets [for cyberattacks].… Today, due to digitization and automation, the threat is universal.” And, because of the business effects of COVID-19, the changes in working conditions have made it more difficult for companies to maintain security. Large-scale adoption of work-from-home technologies, heightened activity on customer-facing networks, and greater use of online services all present fresh openings, which cyberattackers have been quick to exploit.

Most recently, as a reaction to a ransomware attack in May 2021, Colonial Pipeline shut down approximately 5,500 miles of pipeline, which “carries 45% of the East Coast’s fuel supplies,” according to The New York Times. Cybersecurity isn’t just a business issue; it affects both infrastructure and national security.

On the other hand, Fiksel argues, cybersecurity threats are a known entity. The effects of other dangers — such as deliberate threats, political turbulence and pandemics — are more diffuse. It’s difficult to predict what will be affected, and how, with these emerging threats.

“Cyber is yesterday’s problem,” Caddick agrees. “It’s so hot because there have been a lot of high-profile attacks,” adding that preparation is a crucial part of building resilience, but it’s disproportionately important.

Climate change

Of course, most dire is the impact that climate change is already having — and will continue to have — on supply chains. Fiksel notes the incredible complexity of the issue, such as potential conflicts between resilience and sustainability, and companies are still trying to catch up to understand how these forces affect their operations.

Although advance planning for major climate-related disruptions is an important part of risk management, the seriousness of climate change means that organizations shouldn’t just be expecting these natural disasters, but preparing for gradual changes in the environment, such as increased temperature changes that affect crop growth.

Climate change is yet another reason why supply chain visibility is crucial, Vakil adds. Climate-related disruptions need a regionalized approach — drought in the desert, hurricanes on the coast — but many companies don’t know where their suppliers are located. “They think they know,” she says, “but they only know where the corporate office address is. Your risk assessment on the corporate office address is useless if they don’t manufacture anything there.”

And it’s not just disaster preparedness that organizations need to prepare for. To build resilience, they must implement sustainable methods that reduce their individual effects on the environment, such as circularity. For instance, the 2020 report on the State of Supply Chain Sustainability from the MIT Center for Transportation & Logistics discusses “circular economy goals, such as zero-waste manufacturing and operations, end-of-life management of products, and plastics reduction goals.”

White agrees, noting, “I believe with all of my heart and brain that one of the most critical things any company can do today is look at how they can engage in a circular economy. The resources of the world are finite, but we’re not treating them that way. We continue to design our businesses accepting a massive amount of waste as part of the equation.”

She encourages businesses to look at nature as a role model: “There is no waste in nature. What might look like waste is really a resource for another organism. We’ve got to fundamentally change our business models to use fewer resources and ensure that one business’s waste can be used elsewhere.” Climate change might not be a black swan, but ignoring the water that’s already heating up will be disastrous for everyone. White urges, “We can’t save our planet unless the largest businesses begin operating in a much more circular fashion.”

Putting it into action

On the bright side, companies that built resilience after past disasters fared well during the pandemic, and those lessons can be reinforced for turbulent events in the future. The earthquake, tsunami and ensuing nuclear accident in Japan in 2011 was a red flag for many companies, Fiksel points out. Production for auto giant Toyota was down for months due to the Fukushima disaster, due, among other things, to the “just in time” philosophy of manufacturing, where most goods are produced to meet expected demand. But without extra inventory on hand when dominant warehouses were inaccessible, some companies were left scrambling to source supplies.

On the other hand, after COVID-19 reached pandemic levels, Toyota only halted operations for a few weeks. Because of the Fukushima disaster, Fiksel says, Toyota had adopted early-warning systems, third-party advisers, and redundancy in suppliers and resources (both energy and human).

Looking forward, PXYERA global is partnering with the New York City Economic Development Corporation to launch an initiative to reimagine the NYC economy in the wake of COVID-19. The focus will be on supporting circular businesses and growing low-and-moderate income communities, among other things. This program is just one example of how recovery from the pandemic shouldn’t mean a “return to normal.”

Inspiring initiatives such as this one demonstrate that a key part of resilience is understanding that we don’t have to repeat past mistakes; we can take what we’ve learned from global tragedy, personal struggle and financial upheaval and truly rebuild stronger organizations and communities with brighter futures.

“In the wake of COVID,” White says, “We advise businesses to look at ways to stretch and test employees’ and leaders’ skills to make them more resilient in the next pandemic or whatever is next. It’s an opportunity to not just provide immediate relief, but to change the whole system.”

Six Tips for Resilience-Building

“Resilience is the ability to survive, adapt and flourish in the face of turbulent change,” Fiksel explains. Here are six strategies he offers for building resilience in a supply chain among the competing threats of COVID-19, social unrest, cyberattacks and climate change.

1. Embrace flexibility with regard to operations, where you get supplies, how they’re transported, and how to overcome shortages.
2. Use information technology solutions to know where your products and inputs are at any time, whether it’s incoming or outgoing, timely information about the status of these products, or early warnings about delay and disruptions.
3. “Drive down decision-making to where it’s most effective,” Fiksel says. “Give managers the autonomy to understand a new threat and act to prevent it.”
4. Invest in communication tools and third-party services for real-time updates and information.
5. Dispersion of assets. Distribute your assets in several plants to be less prone to disruption. It’s also important to engage with your community. When global supply chains are disrupted, there may be more potential for locally sourced goods and services. Plus, sourcing materials from small and medium enterprises can build organizational resilience, strengthen local economies and improve employee morale.
6. Companies can’t go it alone: Work closely with both suppliers and customers to raise flags and build mutually rewarding relationships.

Learn more about The Resilient Supply Chain Benchmark and access the report on how more than 300 publicly-listed retail, pharmaceutical and consumer electronics companies have adopted resilience-building capabilities to manage real-time and longer-term risks.