Not all supply chain risks are created equal.
After three decades working with Fortune 100 companies, consulting with IBM, and teaching at both Lehigh and Villanova, I've seen leaders make the same critical mistake:
They treat every risk the same way.
Here's the reality:
A risk that happens daily with minimal financial impact requires a completely different strategy than a rare event that could bankrupt your operation.
Yet most organizations use a one-size-fits-all approach to risk management.
For this, I’ll be publishing a 4-post series on different types of risks:
Each type demands its own:
Understanding these distinctions isn't academic theory. It's the difference between a resilient supply chain and a vulnerable one.
Over the next few weeks, I'll break down each risk type with:
Because effective supply chain risk management starts with knowing exactly what you're managing.
Question for supply chain leaders:
When was the last time you audited whether your risk management resources match your actual risk profile?
At the end of the series, all posts will be uploaded onto our website under the resources tab, for your viewing convenience.
Hard Risks are the easiest to manage.
And that's exactly why most organizations over-invest in them.
Here's what defines a Hard Risk:
Think inventory shrinkage, equipment failure rates, or transportation delays.
You can calculate the financial impact. You can build models to predict them. You can track the frequency.
The problem?
While your team is building sophisticated dashboards to monitor inventory levels and optimize safety stock, the risks that will actually devastate your supply chain are lurking elsewhere.
I've seen companies spend millions on warehouse management systems to prevent known inventory risks, only to be blindsided by a supplier bankruptcy they never saw coming.
Hard Risks feel comfortable because they're controllable.
They give us data: Metrics. KPIs. Something to present in quarterly reviews.
But here's the uncomfortable truth:
The most catastrophic supply chain failures rarely come from Hard Risks.
They come from the risks we can't easily measure. The ones we'll discuss in the next post.
So how should you approach Hard Risks?
Hard Risks deserve attention, but not at the expense of the invisible threats that can take down your entire operation.
Question for supply chain professionals:
What percentage of your risk management budget goes toward managing Hard Risks versus other risk types?
I suspect most organizations are surprised when they actually calculate it.
Soft Risks are what keep me up at night.
Because by the time you see them coming, it's already too late.
Here's what defines a Soft Risk:
We call them Black Swans for a reason.
The 2011 Fukushima disaster. The 2021 Suez Canal blockage. The COVID-19 pandemic.
None of these appeared on traditional risk registers.
None had clear probability metrics. None had predictable financial impact models.
Yet each one devastated global supply chains.
Here's what makes Soft Risks so dangerous:
In my three decades working with Fortune 100 companies, I've watched organizations build elaborate risk management frameworks that completely miss these threats.
Why?
Because Soft Risks make us uncomfortable.
They're ambiguous. They're hard to budget for. They're difficult to justify to leadership.
So we focus on what we can measure and hope the Black Swans don't land on us.
That's not a strategy. That's wishful thinking.
The irony?
While Soft Risks are hard to predict individually, their existence is guaranteed.
Something unexpected will happen.
The question isn't if, but when.
So how do you manage what you can't measure?
You can't prevent Black Swans. But you can prepare for them.
Question for supply chain leaders:
When was the last time you ran a scenario planning exercise for an event that seemed "unlikely"? Those unlikely events have a habit of becoming reality.
Chronic Risks are the slow bleed of supply chain management.
They won't kill you overnight.
But they'll:
Here's what defines a Chronic Risk:
Think minor quality defects, small shipment delays, administrative errors, or recurring supplier communication issues.
Each incident costs you a few hundred or a few thousand dollars.
Not enough to trigger executive attention.
Not catastrophic enough to demand immediate action.
But here's what most leaders miss:
When you aggregate these incidents over a year, the total cost is staggering.
I've worked with Fortune 100 companies where Chronic Risks consumed 20-30% of operational resources while barely registering on the corporate risk radar.
The team is constantly firefighting.
Always fixing. Never preventing.
The real danger of Chronic Risks isn't the financial impact.
It's the organizational fatigue they create.
Your best people spend their days managing repetitive problems instead of driving strategic initiatives.
Morale drops. Turnover increases. Innovation stalls.
Eventually, these "minor" issues become accepted as "just the way things are."
That's when you've lost.
So why are Chronic Risks so hard to eliminate?
Because they're often symptoms of deeper systemic issues.
Fixing them requires investment in unsexy solutions that don't generate impressive ROI presentations.
How should you manage Chronic Risks?
You'll never get Chronic Risks to zero.
But you can prevent them from becoming the silent killer of supply chain performance.
Question for supply chain professionals:
What's one Chronic Risk your team has been dealing with for so long that it's just become "normal"? Sometimes naming it is the first step to solving it.
Acute Risks are the ones that make headlines.
Low frequency. High impact. Lethal consequences.
Here's what defines an Acute Risk:
Think major supplier bankruptcy, cyberattacks on critical infrastructure, geopolitical disruptions, or industrial accidents.
These aren't acts of nature or unpredictable Black Swans.
Acute Risks are man-made.
You can see them coming if you're paying attention.
The warning signs are there.
But here's the problem:
Because they happen infrequently, organizations convince themselves they won't happen at all.
"We've never had a supplier go bankrupt." "That region has been stable for decades." "We haven't been breached."
Until they have.
I've watched companies lose hundreds of millions because they failed to prepare for an Acute Risk that everyone knew was possible but nobody thought was probable.
The difference between Acute Risks and Chronic Risks is brutal:
A Chronic Risk costs you money and time over years.
An Acute Risk can end your business in weeks.
So how do you manage Acute Risks?
The key word is before.
Once an Acute Risk materializes, your options shrink dramatically.
Speed matters, but preparation matters more.
Here's what separates resilient supply chains from vulnerable ones:
They don't ask "What if this happens?" They ask "When this happens, what will we do?" That shift in mind-set changes everything.
Question for supply chain leaders:
If your most critical supplier disappeared tomorrow, how long would it take you to recover?
If the answer is "I don't know," you have an Acute Risk problem.