This year's CIO & IT Leadership survey of 240 senior IT leaders revealed that a high expectation of disruption is expected across IT supply chains: geo-political and social instability ranks as the second 'most likely' disruptor and 50% think the likelihood of Supplier Failure is high or very high.
Given these widespread expectations of disruption, what we didn't expect is the lack of understanding within organisations of 'where' their IT services were actually supplied from. This means potentially serious vulnerabilities exist for organisations who currently source business-critical IT services from geopolitically-sensitive regions - perhaps without even realising it.
Fig 1: In which area(s) is the delivery location of IT services poorly understood by your wider organisation?
The 2023 survey found that many organisations have a weak understanding of where IT services are delivered from - see Fig. 1 - irrespective of whether these are internal, received from managed service providers or channelled indirectly through SaaS type digital services.
This lack of insight into where IT services are sourced from came into sharp focus recently with the Ukraine conflict. As well as disruption to the burgeoning Ukrainian IT sector, organisations were caught off guard by services and resources delivered from within Russia, which in some cases necessitated repatriation of Russian nationals to a more friendly geography.
With tensions rising in other geographies such as the Chinese posture towards Japan and Taiwan or instability on the Korean peninsula, there is the possibility that matters will escalate and the same short and medium-term challenges could easily arise. However, when disruption does hit a vulnerable part of your extended supply chain, not anticipating the potential consequences can prove costly - especially if the impacts are widespread and you find yourself at the back of the queue with no Plan B.
The first step is to thoroughly understand your IT supply chain. Unless you have a very simple business model with limited scale, your IT landscape is likely to be relatively complex with dark corners where your understanding of what services are, who really delivers them and why they are required will be sketchy. This applies equally to the in-house team as it does to your third-party vendors and their subcontractors.
To complete this baselining, you should also look outside the IT function. The growth of SaaS means there may well be IT services quietly scattered through the business - and IT enabled BPO services are also part of the picture. Once you have a deeper understanding of the landscape you can start to risk assess it and address it. It will take time and resources but can be accelerated with the help of specialist skills and knowledge.