Keeping on “Top” of Evolving Threats


Post on 19-Aug-2020


Keeping on “Top” of Evolving Threats

Gary S. Lynch
Global Leader, International Trade & Supply Chain Risk
Marsh


A Confession!

• $12 million fraud
• Organized crime and foreign nations
• Escalating costs and “un-sellable” value proposition
• Massive security design and interoperability flaws in new technology platforms
• Privacy ignored
• Client server security unachievable
• 2 year CISO life cycle
• Cosmetic industry dwarfs security industry
• “Lynch, your problem is that you care too much”


Issues mount….

Eras: Data Center Era 1970s; PC/LAN Era (1980s); Client Server Computing & Web Era (90s); E-Business Collaboration & Global Connectivity (2000-)

• eDiscovery
• Cloud security
• Encryption hacks
• Environmental and energy regulation compliance
• DLL vulnerabilities
• PCI compliance
• Government access to communications and confidentiality requirements
• More sophisticated organized crime attacks, thefts and fraud
• Messaging attacks

• Cyber-terrorism
• Cyber-extortion
• Malware
• Botnets
• Rootkits
• Phishing Scams
• Advanced social network attacks

• Personal Privacy attacks including identity theft, profiling, e-mail monitoring
• Denial of service network attacks
• Resurgence of workplace violence
• Unparalleled cost constraints
• Product contamination
• Supplier failure
• Technology obsolescence
• Nanoparticle toxicity
• Conflict metals
• Critical infrastructure breakdown

• Cyber-Vandalism
• Theft of portables
• Computer sabotage
• EFT Fraud
• Govt sponsored attacks, spamming, network flooding
• Global probing (foreign nations seeking competitive advantage & knowledge)
• E-Intellectual Property & information leakage
• Intellectual property theft, cyber-spying
• Systemic technology failure/interdependency risk

• Dial-up hacking
• Theft of equipment
• Misuse of computing resources

• Viruses
• Theft of portables
• Hard disk thefts
• Computer sabotage
• EFT Fraud

• Govt sponsored spying
• Knowledge theft
• Cyber-espionage
• Credit card theft
• Cyber-negligence
• Cyber-defamation

Viruses 1986 = 4
Viruses 1990 = 250
1999 = 45k
Viruses 2007 = Total unknown. Between 11-70 attacks every 5 minutes

Source: “At Your Own Risk”, Gary Lynch, Wiley, 2008


Back on Top?

[Chart; axis ticks run 0 to 100 and 1960 to 2015]


How Do We Keep It On Top?

Supply chain stages shown: Raw Materials; Filling & Packaging; Manufacturing; Wholesaler; Distribution Center; Consumer

Risks shown:

• Supplier Failures (financial, production, design, etc.)
• Spoilage
• Price, Currency, and Interest Rate Fluctuations
• Improper Handling
• Delivery Delays
• Poor Packaging or Cargo Placement
• Unanticipated Supply Constraints, Allocation, or Price Increases
• Counterfeiting
• Diversion/Gray Market
• Natural Disasters
• Unanticipated Demand Surge or Drop-off
• Political Upheaval
• Work Stoppages
• Labor Disputes
• Infrastructure Outages (fire in plant, power grid down, etc.)
• Theft
• Pandemic

Source: Marsh


Key Concepts

• Relevance
• Efficiency
• Value


Staying on top…

Relevance

• Next wave of leaning (and risks)
• AIAG – MOSS work group study

[Diagram: Information flows. Parties: 3PLs; Ocean Carrier; Suppliers; Carrier; Import / Buyer / Customs; Custom Broker; Freight Forwarder; Courier. Channels: Fax; E-mail; Mail]


Staying on top…

Findings

• 15% of inbound ocean shipments experience delays en-route due to inaccurate or incomplete data
• Majority of providers are faxing, emailing and even carrying paper documents for shipments
• 79% of all data used is re-keyed
• Potential savings of > $1 billion


Staying on top…

Relevance

• Change = uncertainty
• Leaning opportunity = exposure to uncertainty
• Exposure to uncertainty = relevance
• Integrated business, financial & operational initiative (and opportunity)
• Observe business trends, position and build the case!


Staying on top…

Efficiency

Enterprise Risk Management

[Bar chart: Inherent Risk and Mgmt. Effectiveness scores by risk category; data rows below]

Mngt. Effect. 4.5 4.5 3.6 4.5 5.2 4.6 5.3 5.4 6 6.6

Inherent Risk 8.2 7.9 6.9 6.5 7.2 6.3 7 6 5.2 6.4

Product  Supply Chain  Technology  Environ.  Information  Financial  Physical

Security  Market  Labor  Health

Source: Marsh


Competing and Inefficient Risk Initiatives

[Diagram labels: C Suite; Security; Government Affairs; Legal; Crisis Management; Marketing; CFO; EH&S; Facilities; RM; BCM; EM; Sales & Marketing; Human Resources; Operations; Procurement; Logistics; ERM; IT Security; Product Risk]


Staying on top…

Efficiency

• It’s about the macro risk priorities and the paradigm
• Lead by integrating and leveraging common processes rather than…integrating organizations
• A common set of metrics and ERM approach help prioritize risk activities


Staying on top…

Value

• “You don't get paid for the hour. You get paid for the value you bring to the hour.” Jim Rohn
• “Value” according to the stakeholders
• Top down or bottom up?


Staying on top…

Value

• Market: Client, Competitors, Regulators, Ecosystem
• Value: Families, SKUs, Services, Products, Brand
• Flows: Product or Service, Cash, Information
• Processes: Sourcing, Distribution, Origination, Productions, Logistics…
• Functions: HR, Security, Procurement, Sales, Compliance….
• Resources: Labor, Technology & Processing, Assets, Relationships

Source: “Single Point of Failure”, Gary Lynch, Wiley 2009


Summary

• Exciting time & many opportunities
• More complex and competitive risk environment
• Higher stakes, role more critical than ever
• Market, business & behavioral risk consciousness needed
• Priorities: Relevance, Efficiency and Value


Thank You!
