The Four Myths of Supply Chain Risk

Larry Snyder, Ph.D. Senior Research Associate
Read Time: 8 minutes apprx.

Rows of new cars covered in protective white sheet

In over 15 years of studying supply chain risk, there is a common set of comments that I often hear from both supply chain researchers and practitioners. Whether they would admit it or not, the people making these comments are basically using them as an excuse to say, “Meh. I’m not going to bother dealing with risk.”

I call them the Four Myths of Supply Chain Risk:

  1. Supply chain disruptions are rare events.
  2. Each disruption affects only a small part of the supply chain.
  3. Protecting against risk is prohibitively expensive.
  4. We already protect against supply risk (by protecting against demand risk).

Therefore (I imagine these folks concluding), it’s not worth investing capital to protect against supply chain risk.

Let’s see why these are only myths.


Myth #1: Disruptions Occur Infrequently


Disruptions can be large or small. It is true that disruptions of the magnitude of 9/11, superstorm Sandy, or the 2011 Japan earthquake may be rare. But smaller disruptions are quite common. Consider, for example, disruptions caused by machine breakdowns, supplier stockouts, and absent workers. These can occur on a daily basis.

And for large supply chains, even major disruptions are commonplace. For example, Walmart has 166 distribution centers in the U.S. Suppose each DC has only a 0.1% risk of experiencing a major disruption in a given year. That means that each year, there is a 15% chance that at least one DC will have a major disruption. And the probability is virtually 100% if we consider Walmart’s 11,000+ stores worldwide. Because of this, Walmart has an Emergency Operations Center that monitors weather, supply levels, utilities, and social media to make real-time adjustments to operations, logistics, and merchandising decisions.

To take another example of this sort of statistical compounding, in the 1960s the U.S. Army Corps of Engineers established flood-defense standards that would place the annual flood risk in New Orleans at around 200:1. It seems like a low-probability event, but during an average 77-year human lifespan, this translates to a 32% chance of seeing New Orleans flooded. (And of course, in 2005, it was.)


Myth #2: Disruptions are Localized


In 1998, workers went on strike at two General Motors parts plants. Twenty-six assembly plants were forced to shut down for lack of parts, and nearly 100 more parts plants shut down for lack of demand. In the end, dealer lots were vacant for months, costing GM more than $2 billion in lost profits.

Even though those 2 parts plants represented a tiny fraction of GM’s overall supply chain, the strikes’ ripple effect was enormous.

Here’s a scarier example: A terrorist attack on New York Harbor in winter could halt shipments of heating fuel to the northeastern United States. National security analysts have estimated that New England and upstate New York would run out of fuel in 10 days. Even a temporary halt would have significant cascading effects.

That’s the key word: cascading. Even if the epicenter of a disruption is localized, its effects are not. Studies by researchers at Georgia Tech (here, here, and here) found that supply chain “glitches” can cause 40% negative stock returns, 10% negative shareholder value, 7% negative sales growth, 10% cost growth, 14% inventory growth, and 14% increased equity risk.


Myth #3: Risk Protection is Expensive


Let’s distinguish between risk prevention and risk protection. It’s certainly true that risk prevention can be expensive, if not impossible. We can’t prevent hurricanes, and retrofitting warehouses to be hurricane-proof is costly. But I’m not talking here about preventing disruptions; I’m talking about protecting supply chains so they can withstand them.

In fact, what I’m really talking about is leveraging tools that are already within the supply chain so that they can also protect against risk–tools like inventory, supplier selection, backup capacity, and network design. These are tools that are already in place to protect against demand uncertainty (among other reasons), and they can be modified to protect against supply risk as well.

Here’s one way this can work. Imagine solving a network design problem to choose locations for warehouses. Some solutions perform better than others in the day-to-day, and some solutions perform better than others when disruptions happen. You might be reluctant to choose a solution that performs well under disruptions, thinking it will cost too much in the day-to-day. But often this is not the case.

We can evaluate any given solution (set of locations) in terms of how well it performs when things go smoothly (the day-to-day cost), as well as how well it performs when there is some sort of disruption. For each solution, we can plot how it performs in both of these objectives on a tradeoff curve:


(This is from a study I published in 2005. I’ll skip the details; if you’re interested, they can be found here.)

That first solution — the red point on the curve — is the one you’d pick if you didn’t care about risk at all. It’s the optimal “day-to-day” solution. But it’s a really expensive solution when things go wrong. On the other hand, the blue solution is 13% better in the disruption cost and only 3% worse in the day-to-day cost. The green solution is 27% better in the disruption cost and 7% worse in the day-to-day cost. This starts to feel like a tradeoff worth making.

And this phenomenon is very common in network design and other problems. It’s often true that we can improve the reliability of the supply chain significantly without large increases in cost.

It’s a lot like insurance: We’re willing to pay a little more now, so that if things go wrong later, we’re covered. (Or, to be more mathy about it: We’re willing to sacrifice some expected cost in order to “buy down” the cost variance.)


Myth #4: We’re Already Doing It


In some ways, supply risk and demand risk seem like two sides of the same coin: Having too little supply is the same as having too much demand. Indeed, as I noted above, many of the mitigation strategies for one type of risk–inventory, sourcing, capacity–are also useful in mitigating the other.

The good news is that we have been studying and operating supply chains under demand risk for decades, and we know a lot about them.

The bad news is that the “conventional wisdom” we’ve gained over these decades is often wrong when it comes to supply risk.

For example, imagine having several DCs that serve retailers throughout the country. The question is, would it be better to consolidate these DCs into a single warehouse? That is, should we use a centralized or a decentralized inventory strategy?

(To keep things simple, let’s ignore inbound and outbound transportation costs. This is purely an inventory question.)


Under demand risk, it is well known that a centralized strategy is better: Pooling the inventory minimizes the expected inventory cost required to meet a given service level. This is the risk-pooling effect.

But under supply risk, a decentralized strategy is better: Disruptions at the DCs will be more “islanded”, affecting a smaller portion of the supply chain. By decentralizing, we avoid putting all our eggs in one basket. This is something my coauthors and I call the risk-diversification effect.

And there are many examples like this–situations where the optimal strategy under supply risk is different from what it is under demand risk, even if the underlying tool (e.g., inventory) is the same in both cases.

(By the way, in case you’re wondering what happens when we have both supply risk and demand risk: We show that decentralization is still almost always better. Exceptions occur when the service level target is very low, the decision maker is totally risk neutral, or disruptions are very rare or short.)




Most companies are aware that their supply chains face some degree of risk. Some firms are starting to take proactive steps to protect against these risks. Others are not, and it’s not simply because they prefer to keep their heads in the sand. It’s because risk-protection is seen as costly (because it involves lots of redundancy), invisible (because it probably won’t be needed), and simply not worth it.

My goal here is to show you another way to think about risks and the tactics we use to mitigate them. Risk-protection can be cost-effective, and can harmonize with the goals of the supply chain rather than working against them.