Will Sehestedt | Transportation Intermediaries Association
Every business knows that cybersecurity is becoming ever more important as bad actors become increasingly sophisticated in their attacks. The risk of attack and victimization by cybercriminals has grown for 3PLs in recent years as logistics providers have closed the “IT Gap” with their shipper customers in recent years and increasingly share communications and interoperability with shipper technology. Data sharing is increasingly a requirement, not an option, for many 3PLs who have built deep relationships with their customers. Small- and medium-sized 3PLs looking to compete in the digital supply chain must be aware of their customer requirements as well as their own digital vulnerabilities and responsibilities.
The IT Gap
In a 2017 study of 3PL-customer relationships released by Capgemini Consulting, Penn State University, and Penske Logistics, 81 percent of shippers believe “big data” information technology services will soon be a required competency for their 3PL service providers. The study noted that 3PLs in recent years have continually closed the IT Gap, which is the difference between shipper expectations for IT capabilities from 3PLs and their rating of current 3PL services offered. In 2002, only 27 percent of shippers indicated satisfaction with 3PL IT capabilities. By 2017, 65 percent of shippers responded that they were satisfied. Consumer habits and manufacturing trends are constantly shifting, but the demand for greater efficiency to reduce costs in the supply chain and for visibility of freight movement and transportation costs is only increasing.
In the 2017 3PL study, 75 percent of shippers and 93 percent of 3PLs reported that using 3PLs helped to lower overall costs of transportation.
The 3PL marketplace is growing both domestically and globally, and every successful 3PL is working to improve its customer service and lower its operational costs to compete more effectively. Competing effectively in many cases means passing those savings on to a growing customer base and 3PLs continue to meet the demands of their shippers. In the 2017 3PL study, 75 percent of shippers and 93 percent of 3PLs reported that using 3PLs helped to lower overall costs of transportation. Eighty-six percent of shippers said that using 3PLs helped them to improve customer service.
Continuing to close the IT Gap will require innovation on the part of successful 3PLs, with a focus on developing strategic and technology-intensive solutions to help shippers service their own end customers. Overall, 98 percent of 3PLs and 93 percent of shippers agreed that moving towards data-driven decision making was a top priority in the 2017 study. Data driven decision making will include metrics in many critically important business aspects that will help shippers increase their efficiency with network optimization, improved visibility for operations personnel and the end customer (particularly for e-commerce shipments), and advanced metrics for evaluating costs.
As previously mentioned, shippers have an expectation that using big data and advanced technology to inform decision making will become a core competency of 3PLs as the supply chain becomes increasingly digital. Information technology capabilities that are increasingly becoming sought-after as 3PL services are:
- Transportation management and planning (71 percent of shipper respondents listed this as a need);
- Visibility of order, shipments and inventory (66 percent);
- Web portals and order tracking (51 percent);
- Transportation sourcing (46 percent);
- Advanced analytics or data mining (40 percent); and
- Customer order management (25 percent).
Data collected from a separate survey, conducted annually by the Material Handling Institute (MHI), helps to put the data from the 2017 Capgemini-Penn State-Penske report further into context. The 2017 MHI survey included responses from throughout the supply chain, with 24 percent of respondents listing themselves as service providers and 10 percent listing themselves as transportation and warehouse providers, and considered the adoption of new technologies as part of the increasingly digitized “always-on” supply chain. Respondents to the MHI survey indicated both the rate at which certain technologies were already deployed, as well as the window in which they expected new and developing technologies to be broadly put into use in the supply chain.
The MHI survey notes that pressures on the supply chain are not limited to data that minimize price, but also that supply chains are providing smaller shipments to increasingly urbanized consumers. Information about the end-user as well as the shipments themselves is increasingly collected, shared, re-packaged, analyzed, and stored via the “internet of things” (IoT) using remote sensors (including mobile and wearable devices).
MHI noted that the deployment of sensors and automatic identification technology is increasing, with almost 90 percent of all respondents stating that they either were currently using sensors, or planned to begin using sensor data within the next two years. Fifty-five percent of current sensor users had deployed the technology to implement tracking-and-tracing. Nearly half (42 percent) of all respondents believe that the deployment of sensors and the increased use of the IoT has the potential to create competitive advantage in the supply chain, and 13 percent see it as having the potential to disrupt the whole supply-chain industry.
For a 3PL to offer new technology solutions that leverage sensors and the IoT, that company will need to overcome concerns about information security and data privacy with their shipper customers. Freely flowing information is a powerful tool, and shippers are increasingly realizing the benefits of sharing data with 3PLs as a path to lowering costs. In the Capgemini-Penn State-Penske study, the number of shippers who would not share proprietary data with their 3PL providers dropped from 26 percent in 2016 to 20 percent in 2017. As 3PL systems are increasingly entwined with those of their customers, and as that data to which 3PLs have access is increasingly granular, with small package and shipment data or customer habits that is used for customer or market insight, 3PLs need to be aware that there is an ever-increasing need to safeguard their own electronic systems to protect the shipper, the end user, and the 3PL from cybersecurity concerns.
New Privacy Laws and Expectations
Large-scale cyberattacks can have major collateral damage on corporate partners and 3PL suppliers even if they were not the primary target. Similarly, less-sophisticated or less-wary vendors can often provide more-entrepreneurial hackers with a backdoor into the systems of major companies that hold personally identifying data on millions of individuals. One example of these extremes was the 2017 Petya ransomware attack in Europe, where ransomware quickly spread globally and forced facility closures for logistics companies and shipping lines while they repaired and protected vulnerable IT systems, causing massive expenses and customer service failures and delays. At the other extreme, hackers in 2014 used the less-secure systems of an HVAC contractor to access the payment systems and networks containing consumer information at Target.
TIA members and other 3PLs are increasingly aware of the need to protect themselves from cybercrime. The marketplace now has many options for cyber-insurance, and companies are increasingly becoming expert at safeguarding their systems and encouraging employee best practices to protect company data from bad actors.
While it will continue to be important for 3PLs to prove themselves as safe, reliable data sharing partners for commercial relationships, the regulatory requirements for such data handling will also evolve quickly. In 2018, the European Union (EU) will implement its General Data Protection Regulation (GDPR) which includes expansive rights for individuals to control their own data, and expansive liabilities for every company that either processes or maintains data which is broadly considered “personally identifiable data.”
Understanding the impacts of this new regulation in the EU is important because what can become a bad or burdensome law in one place can very quickly become a bad or burdensome law here in the U.S. Most importantly: Under GDPR there is no diminishing of responsibility down the chain of data-handling subcontractors in the event of a breach. Essentially, if a hacker succeeds in compromising an IT system and accesses personal data, individuals and groups in Europe will have legal standing to pursue all companies in the data processing chain. This can have an impact on any American logistics company doing business in Europe, and could potentially someday be considered as a regulatory framework in the U.S.
Data considered personally identifiable is also expanded under the rule to include not just basic information collected by social networking companies (which could include name, race, religion, political or union affiliation, etc.) but also addresses and potentially even consumer habits – information which is critical to the supply chain. 3PLs who share data with shippers and either maintain personally identifiable information on their own systems, or merely process anonymized data for their customers, should be aware that they could potentially risk exposure under the new regulations.
For now, the GDPR regulations will most directly impact companies such as Facebook or Google, which actively manage the personal data of individuals in Europe, or companies that employ or perform work in the EU. However, supply chains are becoming increasingly digital while logistics is becoming increasingly globalized. Rules such as GDPR could have a transformative effect on U.S. 3PLs in the very near future and the industry must be aware of the unintended or long-term consequences of data privacy laws on the supply chain.
TIA works closely with its members, leading voices for business, lawmakers and regulators to advocate on behalf of the 3PL industry. For more information on technology, data privacy regulations, or other important issues that affect your business, please contact
[email protected] or call the TIA main office at (703) 299-5700.
The author, Will Sehestedt, is Director of Government Affairs for the Transportation Intermediaries Association. He may be reached at [email protected] or 703-299-5713.