As global supply chains grow increasingly complex, organisations must prioritise data resilience and security to protect against evolving risks and disruptions
In conversations around supply chain resilience, attention often centres on logistics, infrastructure, or supplier diversification. But because supply chains now rely heavily on digital systems, resilience also means having clear visibility into those systems. This includes the ability to understand what’s happening across systems and the data flows that power supply chains, as well as the capacity to respond effectively when disruptions occur.
Marcelo Tarkieltaub from Rockwell Automation discusses Southeast Asia’s moment in the global supply chain reset
Unfortunately, many systems powering today’s supply chains lack transparency. They are built on outdated software, complex integrations, or third-party components that few within an organisation fully understand. These opaque environments make it difficult to detect weaknesses or recover efficiently following disruptions. Without clarity on what systems are doing and how they interact, recovery becomes uncertain and risk increases. This is especially critical in Southeast Asia, an emerging global manufacturing and logistics hub. The region’s high interconnectivity means a single cyber or system failure can impact multiple partners and markets.
These challenges aren’t hypothetical. Recent findings show that only half of enterprises meet their recovery time objectives (RTOs) during real-world disruptions, despite widespread investment in backup and continuity strategies. Many organisations believe they’re prepared, only to discover otherwise in the middle of a crisis.
Visibility powers resilience
Ensuring systems are operational is no longer enough. True resilience requires a deeper understanding of how systems behave under stress and how their failure impacts the broader supply chain. Visibility plays a critical role here. It’s not just about detecting when something breaks but also knowing what platforms and processes are in use, where third-party dependencies lie, and how different components interact in real time. Without that situational awareness, it’s nearly impossible to anticipate points of failure or plan for effective recovery.
Yet too often, organisations struggle with unexamined complexity. Layers of software, inherited infrastructure, and siloed vendor tools obscure what’s truly at risk. When an issue arises, teams may be forced to troubleshoot in the dark, wasting critical time.
A major contributor to these blind spots is the prevalence of “black box” systems — technology environments where inputs and outputs are visible, but the internal workings are not. Whether because of limited documentation, third-party control, or legacy design, these systems create uncertainty. In crisis situations, even identifying the root cause of an outage can be a challenge. If teams don’t understand how a system functions or how it connects to others, recovery efforts can quickly stall.
This becomes especially problematic in environments where information technology (IT) and operational technology (OT) functions are disconnected. According to the Singapore Cyber Landscape 2024/2025 report by the Cyber Security Agency of Singapore (CSA), advanced persistent threat (APT) activity has increased globally and particularly across Southeast Asia. These long-dwell attacks frequently exploit blind spots in legacy operational systems. Manufacturing, logistics, and other supply chain-intensive industries often rely on infrastructure that doesn’t easily communicate with newer digital platforms. Without proper IT-OT convergence, the attack surface expands and leaves enterprises more exposed to cyber threats. Visibility gaps widen further when ownership of these systems is unclear or accountability is fragmented across departments, delaying responses, complicating recovery efforts, and introducing blind spots. Without clear lines of responsibility and integrated system awareness, resilience remains out of reach.
Recovery as a strategic priority
Modern resilience strategies must prioritise recovery as much as prevention. It’s essential to know not only how systems can fail, but also how long disruption can be tolerated and how quickly functionality can be restored.
Recovery readiness means proactively mapping dependencies, regularly testing systems under real-world conditions, and preparing for a wide range of scenarios, including those where third-party providers may not respond promptly. The Monetary Authority of Singapore (MAS) reinforces this practice through its Outsourcing Guidelines, which require financial institutions to implement robust risk management frameworks, including cybersecurity measures, to govern third-party service providers. In Malaysia, the Malaysia Cyber Security Strategy (MCSS) 2025–2030, launched by the National Cyber Security Agency (NACSA), emphasises shared responsibility among government, industry, and communities to strengthen national and regional cyber readiness across critical infrastructure and defence supply chains. This demonstrates how resilience must extend beyond internal systems to outsourced environments, ensuring that institutions maintain visibility into the disaster recovery arrangements and locations established by their service providers.
Backup solutions may restore data; however, without a full picture of system interdependence, recovery can stall. Resilience is about restoring functions, not just files. That requires preparation grounded in visibility.
Building resilience from within
The first step of supply chain resilience is to gain visibility into internal environments. By aligning IT and supply chain leaders around shared goals, teams can develop a more holistic understanding of system behaviour and business risk. Organisations should identify their most critical applications, catalogue known dependencies, and document where gaps in understanding exist.
Critical actions include:
- Auditing third-party integrations
- Conducting recovery simulations
- Creating documentation and training for shared understanding
- Encouraging shared ownership of resilience outcomes
From there, teams can test their ability to recover and measure the effectiveness of those efforts.
This internal groundwork establishes a foundation for broader improvements. It also reduces the risk posed by third-party tools or services that may fail or underperform in a crisis. While external vendors are an inevitable part of modern supply chains, they shouldn’t be a mystery. Organisations should strive for transparency and ensure vendor systems don’t become single points of failure.
Clarity that sustains continuity
Resilient supply chains don’t come from gut instinct — they come from a clear understanding of how things really work. The ability to see how systems operate, how they fail, and how they can recover is central to long-term continuity planning. By focusing on internal systems, enhancing cross-functional collaboration, and proactively testing recovery procedures, organisations can reduce uncertainty and strengthen their response to disruption. Resilience becomes less reactive, more repeatable, and ultimately more reliable.
The article titled “From risk to resilience: protecting your supply chain against disruption” was authored by Rick Vanover, Vice President of Product Strategy, Veeam Software.
About the author
Rick Vanover (Microsoft MVP, Cisco Champion, VMware vExpert) is Vice President of Product Strategy for Veeam Software based in Columbus, Ohio. Rick’s experience includes system administration and IT management, with virtualisation, cloud and storage technologies being the central theme of his career recently.
Rick’s passion for challenges led to his commitment to educate and communicate at all levels, engaging those new to availability technologies as well as those who are experts. As a blogger, podcaster and active member of the IT community, Rick builds relationships and spreads excitement about Veeam solutions. Before becoming the “go-to” guy for Veeam questions, Rick was in system administration and IT management. His community designations include Microsoft MVP, VMware vExpert and Cisco Champion.