Webinar Recording: Risk Management in Procurement – Proactively Managing Strategic and Cyber Risks in Complex Supply Chains

Data leaks, ransomware attacks, and a regulatory barrage from the Supply Chain Act to NIS-2 make modern supplier risk management a core task for procurement. In the webinar "Proactively Managing Strategic and Cyber Risks in Complex Supply Chains," Fabian Liebscher (Procurement Expert, Tacto) and Nial Moore (Director Cyber-Supply Chain Risk Management, PwC) explain how procurement organizations can make risks measurable, embed cyber resilience, and keep operational effort under control.
Starting Point – When Risks Grow Faster Than Spreadsheets
- Cyber threats are shifting: Attackers are increasingly targeting mid-sized suppliers with weaker protection.
- Opaque supply chains: Relationships with sub-tier suppliers remain hidden; warning signs often only appear after damage has occurred.
- Rising documentation requirements: Regulations like NIS-2, the Cyber Resilience Act, or DORA demand seamless documentation deep into the supply chain.
- Limited capacities: Specialists and budgets for cyber analyses are scarce; many risks therefore remain undetected.
The result: high documentation effort, decisions based on gut feeling, and unnecessary production risks.
Cyber Resilience – From Cost Factor to Competitive Advantage
A single cyber incident at a logistics partner can paralyze entire production lines, trigger contractual penalties, and strain business relationships. Those who identify risks early and manage them systematically not only protect their ability to deliver but also gain negotiating power with customers and regulators.
When the Cyberattack Hits – Maintaining Operational Capability in an Emergency
In April 2024, the traditional company HYMER fell victim to a massive cyberattack. Within hours, the ERP system went down completely – including communication, approval processes, and ordering.
Yet procurement remained operational:
With Tacto, all open orders could be tracked, supply capability ensured, and revenue stabilized – because data, communication, and control remained available independently of the ERP system.
"Even though our entire ERP system was down, we were able to continue working with Tacto – delivery capability and revenue remained virtually unaffected."
– Alexander Frei, Head of Materials Management, HYMER
From Risk to Resilience – Holistic & Scalable
What many manage manually in Excel or email can be systematized with Tacto:
- Make risks visible: Automatic assessment based on corruption or cyber indices, for example.
- Create transparency: Scorecards consolidate data from various sources into a unified evaluation system.
- Act early: Concrete action packages can be triggered, monitored, and documented directly in the tool.
- Prepare for audits: All evidence – including accountability reports and history – available at the click of a button.
- Raise stakeholder awareness: Risks become communicable – to management, CSR, IT, or external partners.
Value Beyond Compliance
- Global transparency: Orders from all plants appear in a single view.
- Eliminate process errors: Maverick buying and duplicate orders are detected early.
- Food for thought instead of routine: Regular insights challenge established sourcing patterns.
- Strategic freedom: Routine tasks shrink, negotiation levers are actively utilized.
Conclusion
Cyber resilience is no longer an optional extra task but a decisive competitive factor. With Tacto's platform, risks, costs, and compliance evidence can be managed in one end-to-end process. Procurement teams shift from reactive risk administrators to proactive command centers for digital security and value creation.
Fabian Liebscher (Tacto) and Nial Moore (PwC) show how strategic and cyber risks in supply chains can be systematically managed: Guided onboarding, weighted risk scorecards, and real-time alerts create transparency across all stages of the supplier lifecycle. Case studies demonstrate how standardized cyber supply chain processes reduce risks and raise stakeholder awareness. Even during a cyberattack, as in the case of HYMER, procurement remained operational with Tacto – compelling proof that digital resilience is becoming a central competitive advantage.
