Businesses have never had more supply chain data. So why do disruptions still catch them by surprise?

Supply chains have spent the past five years under almost constant pressure:

• A global pandemic exposed hidden dependencies.
• Geopolitical tensions reshaped trade routes and sourcing decisions.
• Climate-related events disrupted production and logistics.
• Cyberattacks highlighted vulnerabilities deep within supplier networks.
• Regulators, investors and customers have all increased scrutiny of how products and services are sourced.

The environment has changed but the question is whether the way organisations think about supply chain risk has changed with it.

That was the starting point for RSM's latest Supply Chain Integrity research.

We surveyed 250 business leaders to understand how organisations are assessing risk, investing in resilience and preparing for future disruption. We wanted to understand whether leadership teams and operational teams share the same view of supply chain readiness.

At first glance, the findings are reassuring. 86% of organisations say they're confident their supply chains can withstand major global shocks such as geopolitical conflict. The more interesting question is why they think that, because when we looked beneath that headline figure, the evidence was less clear.

More than half of organisations had experienced multiple supply chain incidents in the last 12 months. Fewer than half expressed full confidence in their supply chain strategy and only 30% actively monitor geopolitical risk.

That's where the research became interesting, because the issue doesn’t appear to be a lack of confidence. It's whether that confidence is fully supported by the activities, visibility and evidence that underpin genuine resilience.

We're calling it the Supply Chain Confidence Trap.

The gap between boardroom and operations

One of the most striking findings was the difference between how senior leaders and operational teams perceive their ability to respond to disruption.

Nearly two-thirds (64%) of C-suite leaders told us their organisation can respond quickly to supply chain disruption. But only 41% of operational leaders agreed.

That could be a communication issue, but what’s more worrying is that it might be a governance issue, highlighting the fact that leadership teams and operational teams experience supply chains differently. C-suite see investment decisions, risk frameworks, assurance processes and performance reports, while operational teams experience the reality of delivering through disruption. They see where information is delayed, where suppliers create bottlenecks, where contingency plans depend on key individuals and where visibility disappears beyond immediate suppliers.

Neither perspective is wrong, but when the gap between the two becomes too wide, organisations risk making strategic decisions based on assumptions that aren’t universally shared or understood. So, the issue isn’t confidence itself; confidence is important. The real question is what that confidence is based on. That’s when confidence itself can become a risk, and this theme appeared repeatedly throughout the research, most notably in attitudes towards supplier resilience.

88% of respondents said they were confident that their critical suppliers could withstand a cyberattack. That’s highly reassuring, but what’s the source of that confidence? For some organisations, the answer will be independent assessments, assurance programmes, supplier audits and tested response plans that provide a robust evidence base.

For others, confidence may be rooted in trust, long-standing relationships or historic performance.

The distinction matters, because modern supply chain disruption doesn’t arrive with an advance warning. When disruption hits, assumptions are tested very quickly and organisations are judged not on what they believe about their supply chains, but on what they can demonstrate.

Supply chain risk is changing shape

Another theme emerging from the research is the changing nature of supply chain risk itself.

Traditionally, organisations have viewed supply chain risk through an operational lens, focusing on issues such as supplier failure, logistics disruption, inventory shortages or cost increases. While those risks remain important, they don’t exist in isolation.

Today’s supply chain risks span a much wider range of threats:

• Geopolitical instability influences sourcing decisions.
• Climate events affect production and transportation.
• Cyber threats can spread across supplier ecosystems.
• Labour practices can become reputational issues overnight.

These risks are interconnected, yet many businesses continue to assess them individually.

30% of respondents assess supply chain risk over a 12-month horizon, while only 5% take a five-year view, which suggests many are still managing supply chain risk through frameworks designed for a more predictable environment.

The challenge is that today's risks are increasingly systemic, long-term and interconnected and they need a different mindset, which is where the conversation needs to shift.

For much of the past decade, efficiency and cost have been top of the agenda. But resilience and integrity need to be up there now. Can the supply chain absorb disruption? Can it recover?

From supply chain resilience to supply chain integrity

Supply chain integrity isn’t just about operational performance, it’s about visibility, transparency and assurance; the ability to understand where risk exists, how it’s managed and whether the evidence supports the level of confidence being expressed.

Expectations are changing. Customers are asking more questions, regulators are raising standards, investors are taking greater interest in supply chain governance and employees increasingly want organisations to demonstrate responsible business practices throughout their value chains.

In this environment, organisations need more than resilient supply chains, they need supply chains they can confidently explain, defend and evidence.

The most important finding from our research is not that organisations face significant supply chain risk. Most leaders already know that. It’s that many organisations may be operating with different versions of reality, different perceptions of readiness, different levels of understanding of exposure, and different assumptions about resilience.

The question for leaders therefore isn’t whether their supply chain is resilient, it’s whether they know enough about it to prove that it is. Because the organisations that are going to succeed over the next decade probably won’t be those with the highest levels of confidence, they’ll be the ones with the strongest evidence.

And that may be the difference that matters most.

Talk to our supply chain specialists

If you want to understand where confidence meets evidence in your supply chain, our supply chain team can help you identify gaps and build the assurance frameworks that matter.

Latest related insights