The modern face of disruption: Navigating beyond natural disasters to IT outages

In the digital era, supply chain disruptions have evolved beyond natural disasters and political unrest to include technological failures. The recent Microsoft-CrowdStrike outage highlighted the fragility of interconnected digital systems, disrupting critical operations and bringing businesses to a standstill. This event underscores that disruptions can stem from the very tools designed to streamline and protect supply chains. Today, an IT outage can unravel commerce’s threads with unprecedented speed and scale, challenging traditional paradigms of supply chain resilience and necessitating new preparedness for unforeseen digital disruptions.

The threat landscape for supply chains has drastically shifted in the digital age. While physical disruptions were once primary concerns, today’s supply chains must contend with virtual threats. The interconnectedness of modern commerce introduces new vulnerabilities. A single software update or cybersecurity flaw can trigger a cascade of failures globally, as exemplified by the Microsoft-CrowdStrike incident. This new breed of disruption is subtle yet pervasive, originating within the digital frameworks that underpin supply chain operations.

The unseen risks of IT reliance

Reliance on information technology has become a double-edged sword in supply chain management. Digital solutions offer unmatched efficiency and integration but also expose supply chains to risks as disruptive as traditional threats. The Microsoft-CrowdStrike outage is a prime example of the unseen risks accompanying IT reliance. A software update gone wrong led to the infamous “blue screen of death” on Windows systems, affecting sectors like healthcare, transportation, and retail.

• Healthcare: Providers faced significant disruptions, with some hospitals postponing elective surgeries and reverting to manual systems for patient care. Emergency services experienced delays, potentially impacting patient outcomes.
• Financial sector: Banks encountered challenges in payment processing and customer service, hindering transactions and access to funds.
• Aviation: System failures led to flight cancellations, causing inconvenience for travelers and economic losses. Airlines like United and Delta had to cancel hundreds of flights.
• Retail: Companies like Starbucks faced issues with mobile ordering systems, leading to temporary store closures and highlighting the deep integration of IT systems in routine business operations.
• Public sector: Emergency call centers experienced difficulties, and government offices suspended services, affecting public safety and trust in government operations. Border crossings faced delays, impacting national security and commerce.

These examples showcase the multifaceted risks that IT reliance brings to supply chains. The incident wasn’t a cyberattack, yet its impact was profound, emphasizing the need for robust IT resilience strategies. Supply chains must account for the possibility of software bugs, compatibility issues, and the cascading effects of digital failures. Developing contingency plans, investing in redundant systems, and conducting regular IT health checks are now as vital as traditional risk management measures.

Broadening the scope of risk management

The Microsoft-CrowdStrike outage is a clarion call to broaden traditional risk management within supply chains. Traditionally focused on mitigating physical disruptions, risk management must now encompass the digital realm, where IT outages pose an equal, if not greater, threat to operational continuity. This paradigm shift requires a holistic approach that integrates IT risk with the overall supply chain risk strategy.

• Digital resilience: Businesses must scrutinize the digital resilience of their supply chains with the same rigor applied to physical logistics. Preparing for cyberattacks and the inadvertent consequences of increasing reliance on technology is crucial. Rigorous testing of updates and patches before deployment is essential, especially when they impact critical infrastructure.
• Incident response plans: A broadened risk management strategy demands comprehensive incident response plans that cover IT disruptions. These plans should include clear communication protocols to inform stakeholders and customers of outages and steps to quickly restore services. The ability to swiftly respond to and recover from an IT outage can significantly reduce the disruption's impact on operations and reputation.
• Interdependencies: Supply chain managers must consider the interdependencies of their digital tools and platforms. The CrowdStrike incident illustrates how a problem in one area can affect seemingly unrelated systems. By mapping these interdependencies, companies can identify potential single points of failure and develop contingency plans to maintain operations should one system go down.
• Technology diversification: Relying on a single provider for critical supply chain functions creates a vulnerability that can be exploited, whether by malicious actors or unintentional errors. By employing a multi-vendor strategy, businesses can ensure that a backup is always available if one system fails.From the CEO’s perspective: Navigating the current economic backdrop

From the CEO’s vantage point, the intersection of economic conditions and supply chain resilience is crucial for strategic decision-making.

• Economic volatility: With the global economy experiencing significant volatility, fluctuating demand and disrupted supply chains are commonplace. IT disruptions can exacerbate these challenges, leading to further instability. CEOs must build resilience strategies that address both economic shocks and IT-related disruptions, ensuring their supply chains can adapt to rapid economic changes.
• Inflation: Rising costs, including for technology and IT infrastructure, pressure companies to balance digital resilience investments with financial constraints. Strategic investments in scalable IT solutions can help mitigate these pressures. However, CEOs must manage the increased operational costs caused by IT disruptions, especially amid inflationary pressures.
• Supply chain bottlenecks: The pandemic revealed the fragility of global supply chains, with widespread delays and shortages. IT disruptions can worsen these bottlenecks, leading to longer lead times and greater uncertainty. CEOs need to promote diversification of suppliers, build buffer stocks, and invest in robust digital infrastructure to navigate these challenges effectively.
• Labor shortages: Labor market shortages, particularly in logistics and manufacturing, are exacerbated by IT disruptions that cause delays and reduce productivity. CEOs should consider investing in automation and resilient digital solutions to mitigate the impact of labor shortages.
• Consumer expectations: Today’s consumers expect seamless and reliable service. IT disruptions can damage brand reputation and customer trust. CEOs must ensure their digital infrastructure supports consistent service delivery, even during disruptions, to maintain customer satisfaction.

From the CSO’s perspective: Integrating IT disruptions with supply chain management principles

For CSOs, the modern supply chain must integrate IT resilience with traditional management principles to ensure comprehensive continuity.

• Lean manufacturing: Lean principles aim to eliminate waste and maximize efficiency. However, lean systems with minimal slack can be highly vulnerable to IT disruptions. Ensuring that critical processes have digital backups and fail-safes is essential for maintaining continuity during outages.
• Just-in-time (JIT): JIT minimizes inventory costs by synchronizing production schedules with demand. This tight coordination depends on robust IT systems. An IT outage can disrupt JIT processes, leading to production halts and delivery delays. Strengthening JIT systems with redundant IT infrastructure and contingency plans helps mitigate these risks.
• Risk diversification: Diversification is key to managing supply chain risk. Relying on multiple suppliers and technology providers reduces the impact of any single point of failure. The Microsoft-CrowdStrike outage highlights the need to avoid over-dependence on a single technology vendor. Implementing a multi-vendor strategy and cross-training staff on different systems enhances resilience.
• Agility and flexibility: Modern supply chains must be agile to adapt quickly to disruptions. This requires a flexible IT infrastructure capable of responding to changing conditions. Investing in cloud-based solutions and modular IT architectures provides the agility needed to reroute operations and maintain service levels during outages.

As supply chains increasingly intertwine with digital technologies, addressing IT disruptions is crucial for maintaining resilience. The Microsoft-CrowdStrike incident underscores the need for comprehensive strategies that blend traditional supply chain principles with modern IT resilience practices. For COOs and CSOs, integrating digital resilience into supply chain management principles and preparing for IT-related disruptions are essential for operational continuity. From a CEO's perspective, navigating the economic landscape while ensuring robust supply chain resilience requires strategic foresight and adaptability. Embracing these strategies will equip businesses to face both technological and economic challenges, securing their position in an interconnected world.

About the author

Mihir Patel is a seasoned professional with an extensive background in supply chain & operations, sustainability, product management, and engineering. Patel has over 10 years of diverse experience working in India, the Middle East, and the U.S. Currently serving as a manager in EY’s Supply Chain and Operations consulting practice, Patel has successfully undertaken multiple large-scale supply chain transformation projects.

SC
MR