Enterprises know that merely having a supply chain involves a certain amount of risk, but few do enough to protect against the one-off, extreme incidents that can disrupt them.
That's according to Yossi Sheffi, an MIT professor who is director of its Center for Transportation & Logistics.
"Events that rarely happen but wreak havoc pose the most dangerous threat to corporate health," Sheffi wrote in an article this week in The Wall Street Journal.
Such events -- sometimes referred to as "black swans" -- include unanticipated catastrophes such as Hurricane Katrina, the BP Horizon oil rig explosion, the 9/11 terrorist attack, the tsunami that hit Japan in 2011, and even the Volkswagen emissions scandal.
While most risk-planning processes focus on events that happen relatively often, such as routine weather emergencies, they often ignore the extreme ones that are considered too unlikely to worry about, Sheffi argues.
While such events are unlikely, the probability that they'll happen isn't zero -- as history has proven again and again.
"Black swans are never expected," Sheffi said in an interview. "There are many examples of low-probability, high-impact disruptions. People don't believe they can happen, but they do -- and there will be more."
Vendors such as Resilinc and Elementum along with IBM, SAP and Cisco are increasingly coming out with software to help companies protect themselves, he noted.
But it's not easy to connect all the dots. A large enterprise can have thousands of suppliers, for instance, and each of those companies may have suppliers of their own. With all those moving parts, managing all the places disaster can strike is a complex matter.
To begin assessing the impact of a catastrophic event, a business needs to go through the bill of materials for each of its products, with an eye toward not just its main suppliers but secondary ones as well. "Often you just get the address of headquarters, which is not where the plants are," Sheffi said.
When a black swan happens, companies must quickly determine what products are affected and which customers are using them, along with the financial contribution from each. Plant locations and inventory levels are key. Equipped with that information, companies must decide where to focus their recovery effort.
It can't always be an automatic process, either.
"Say you're a small parts supplier, and you just got a small contract with GM," Sheffi said. To a computer it may look like any other contract, but with a company the size of GM it's an opportunity for a lot more business in future.
Given the high levels of churn among customers and suppliers, systems must also be updated frequently.
Making the process easier is that many software vendors are focusing on industry verticals, Sheffi said, helping to disseminate any knowledge about particular suppliers.
Sheffi recommends that companies begin by talking with the people in their supply chain, and also investigating any software available for their industry.
Joining industry groups can be another effective way to make progress -- "many of these things are done that way," he said.
Even on issues such as social responsibility, it's important to keep in mind suppliers' impact.
"If you're running a large enterprise, you may not be polluting the environment, but maybe one of your suppliers is," he says. "That can be a really serious issue, because consumers will respond."
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.