CEO Tom looked at his head of procurement/supply chain and operations, Ronald, and asked, “I hadn’t thought to take the external context—the supply chain—into account when looking at cyber risk management. Why should we?”

The reply was quick. “The first point is that in an increasingly specialized world where globalized outsourcing has been growing for a number of years, the percentage of an operation’s costs that sits in their supply chain is typically between 60 and 80 percent of the total costs.” Ronald explained that means that when things go wrong in the supply chain, they can have a dramatic impact on the overall organizational performance. Their globalized nature also means that there are many more opportunities for cyber risk to impact results.

He cited a few statistics from World Economic Forum’s “Global Risks Report 2016,” which finds risks on the rise in 2016. This, in turn, will be exacerbated by the coming fourth Industrial Revolution. A few facts struck Tom as particularly noteworthy: Evidence is mounting that interconnections between risks are becoming stronger and that these often have major and unpredictable impacts. Cyber attacks are now considered the greatest risk of doing business in North America. They also feature as a top business risk in no fewer than seven other countries, ...