Webinar recording: Risk management in Procurement - proactively managing strategic and cyber risks in complex supply chains

Summary
Data leaks, ransomware attacks and a barrage of regulations from LkSG to NIS-2 make modern supplier risk management a core task for procurement. In the webinar "Proactively managing strategic and cyber risks in complex supply chains", Fabian Liebscher (procurement expert, Tacto) and Nial Moore (Director Cyber-Supply Chain Risk Management, PwC) explain how procurement organizations can make risks measurable, anchor cyber resilience and keep operational costs under control.
Initial situation - when risks grow faster than Excel spreadsheets
- Cyber threats are shifting: attackers are increasingly targeting SME suppliers with weaker protection.
- Opaque supply chains: Relationships with subcontractors remain hidden, warning signals often only appear after the damage has occurred.
- Increasing verification requirements: Regulations such as NIS-2, the Cyber Resilience Act or DORA require complete documentation down to the depths of the supply chain.
- Limited capacities: Specialists and budgets for cyber analyses are scarce; many risks therefore remain undetected.
The result: high documentation costs, decisions based on gut feeling and unnecessary production risks.
Cyber resilience - from cost factor to competitive advantage
A single cyber incident at a logistics partner can paralyze entire production lines, trigger contractual penalties and put a strain on business relationships. Those who recognize risks early and manage them systematically not only protect their ability to deliver, but also gain negotiating power with customers and supervisory authorities.
When the cyber attack comes - the ability to act in an emergency
In April 2024, the long-established company HYMER fell victim to a massive cyberattack. Within a few hours, the ERP system failed completely - including communication, approval processes and ordering.
Nevertheless, Procurement remained operational:
With Tacto, all open orders could be tracked, delivery capability ensured and sales stabilized - because data, communication and control remained available independently of the ERP.
"Although our entire ERP system was down, we were able to continue working with Tacto - delivery capability and sales remained almost unaffected."
- Alexander Frei, Head of Materials Management, HYMER
From risk to resilience - holistic & scalable
What many people maintain manually in Excel or e-mail can be systematized with Tacto:
- Making risks visible: Automatic assessment, e.g. using corruption or cyber indices.
- Creating transparency: Scorecards bundle data from various sources into a standardized evaluation system.
- Acting early: Concrete packages of measures can be triggered, monitored and documented directly in the tool.
- Preparing audits: All evidence, including accountability reports and history, is available at the touch of a button.
- Sensitizing stakeholders: Risks can be communicated to management, CSR, IT or external partners.
Added value through compliance
- Global transparency: Orders for all plants appear in one view.
- Eliminate process errors: Maverick buying and duplicate orders are detected at an early stage.
- Food for thought instead of routine: regular tips question familiar procurement channels.
- Strategic freedom: routine activities shrink, negotiating levers are actively used.
Conclusion
Cyber resilience is no longer an optional extra, but a decisive competitive factor. With the Tacto platform, risks, costs and proof of compliance can be managed in an end-to-end process. Procurement teams switch from reactive risk managers to proactive control centers for digital security and value creation.
Fabian Liebscher (Tacto) and Nial Moore (PwC) show how strategic and cyber risks in supply chains can be systematically managed: Guided onboarding, weighted risk scorecards and real-time alerts create transparency at all stages of the supplier lifecycle. Practical cases show how standardized cyber supply chain processes reduce risks and raise stakeholder awareness. Even in the event of a cyberattack, as in the HYMER case, Procurement remained capable of acting with Tacto - convincing proof that digital resilience is becoming a key competitive advantage.
