5 Types of Vendor Concentration Risk to Know About - Veridion
Blog

5 Types of Vendor Concentration Risk to Know About

By: Auras Tanase - 24 November 2024

Consolidating your supply base to just one supplier, region, or transportation route may seem like a good idea in theory.

After all, this simplifies supply chain management, lowers administrative and transportation costs, and helps you build stronger, more meaningful supplier relationships.

However, focusing too much on a single vendor comes with its own set of risks.

In this article, we’ll explore five different types of risks your organization is likely to face if it chooses not to diversify its supply chain.

Let’s get started!

Single Vendor Concentration Risk

The primary and most obvious risk is relying too heavily on just one or a few vendors for key goods or services.

When you find a vendor that offers a high-quality product at a reasonable price, with great delivery times, and open communication, working only with them might seem like the best choice.

If you’ve already found the perfect match, why dilute your efforts, right?

And it appears that this is the exact mindset many organizations have.

Sudhir Singh, EY’s Supply Chain and Operations Lead for the UK and Ireland, explains why this is the case:

Illustration: Veridion / Quote: Supply Chain Digital 

Conversely, working with more than a few vendors is truly a balancing act.

You have to carefully vet every potential contender.

Additionally, working with more suppliers requires a lot of coordination and communication with each supplier throughout the entire business relationship.

So, it’s no wonder that many choose the path of least resistance, thinking nothing can go wrong.

Until it does.

No matter how reliable a supplier is, factors beyond their control can affect their operations—and, in turn, impact every company that depends on them.

Take Apple, for example.

This tech giant was heavily dependent on the Taiwanese contract manufacturing firm Foxconn and their facility in the Chinese city of Zhengzhou for iPhone production.

In 2022, COVID-19 restrictions diminished production in the largest Apple iPhone factory by as much as 30%, causing serious shipment delays.

Source: The Guardian

And while Foxconn may not be Apple’s only maker of iPhones, it is their largest one.

This means that whatever disruptions Foxconn experiences—whether financial, operational, or strategic—they are sure to have a ripple effect and impact Apple as well.

However, it appears that more and more companies recognize just how risky being dependent on a single or very few vendors can be.

EY’s research from 2022 supports this, showing that most organizations have plans to increase their total number of suppliers.

Illustration: Veridion / Data: EY

While heavily relying on one or a few suppliers undeniably has its advantages, the risks associated with single vendor concentration far outweigh the benefits.

So, before you decide to put all your eggs in one basket, make sure you thoroughly evaluate what is at stake to ensure the resilience of your supply chain.

Geographic Concentration Risk

The next vendor concentration risk to be mindful of is associated with the supplier’s geographic location.

This risk occurs when companies allow themselves to depend heavily on suppliers from one specific region.

You may be wondering, why does this even happen?

The answer is simple: once a company familiarizes itself with the dynamic of a particular market, its culture, customs, regulations, and logistics, it can be difficult to let go of that familiarity.

Especially because global procurement comes with so many challenges that companies first have to manage.

However, staying in that comfort zone can expose a business to the negative consequences of health crises, natural disasters, political instability, and economic changes impacting the region.

The first example that probably springs to mind is the COVID-19 pandemic that started in China.

In a matter of months, the epidemic turned into a global pandemic, leading to a range of stringent policies—from lockdowns and port closures to factory shutdowns.

Since China was the top sourcing market for 67% of organizations in the US and EU before the pandemic, these restrictions impacted multiple supply chains.

Source: QIMA

As a result, many companies suffered the consequences of overreliance on a single region for the procurement of essential goods.

However, research shows they learned a valuable lesson from it.

In an attempt to reduce the geographic concentration risk, 53% of industrial companies said they already near- or re-shored some of their operations between 2020 and 2022.

An additional 44% said they were planning new or additional near-shoring activities in the future.

This kind of geographical diversification is advisable, says Tim Lawrence, Director of the Digital Supply Chain Innovation Hub at Digital Catapult:

Illustration: Veridion / Quote: Management Today

While tapping into new and unfamiliar markets may be daunting, you can make it easier for yourself by utilizing the right supplier discovery tools.

Let’s say that so far, you’ve only worked with solar panel suppliers located in East Asia.

Now, you’re looking to diversify your supply chain and find new suppliers located in the US and Canada.

With a supplier discovery service like our Veridion, you don’t have to spend weeks scouring the Internet, hoping you’ll find the perfect match.

All you need to do is enter your criteria using natural language either into Veridion data platform or our search APIs, like in the example below:

Source: Veridion

And the best part is that Veridion won’t just give you a list of suppliers located in the desired region in a matter of minutes.

It will also provide you with extensive, always fresh company profiles consisting of more than 60 data points.

That way, you can be sure that you’re doing business with suppliers that match your criteria perfectly.

With a tool like Veridion at your disposal, geographically diversifying your supplier network becomes a breeze.

Specific Route Concentration Risk

Specific route concentration risk goes hand in hand with the risk of geographic concentration.

It occurs when a company heavily depends on a single transportation route for the delivery of goods.

So, when any disruption happens on that route—be it due to weather, port congestion, geopolitical events, or any other reason—companies face delivery delays, increased costs, and other operational disruptions.

What does this mean for you?

Simply put, it means that it’s not enough to make sure you’re not relying on a single supplier and a single region when it comes to sourcing goods.

You also need to consider transportation mode and route diversification.

A real-life event that exemplifies just how important this is is the 2021 Suez Canal obstruction.

Source: BBC

In March 2021, a giant container ship called Ever Given was traveling from Malaysia to the Netherlands when it was knocked off its course by strong winds, causing it to run aground in the canal.

The ship was wedged across the Suez Canal—a key trade route between Europe and Asia—for 6 days, causing over 300 vessels to queue up waiting to pass through.

Source: BBC

Even though Egypt had reopened the canal’s older channel to divert some traffic, this did not prevent severe shipping delays and a trade loss estimated at roughly $54 billion.

The extent of the economic loss caused by the blockage was presumed to be even higher.

In light of this, Brian Alster, CEO of the people intelligence business Altrata, reflected on the fragility of supply chains reliant on a single transit point:

Illustration: Veridion / Quote: Institute for Supply Management

This incident teaches us a clear lesson.

Instead of relying solely on one mode of transport or a single transportation route, it is crucial to collaborate with suppliers and shipping companies on diversifying your delivery routes.

They should have the expertise and insights to help you determine what alternative routes you can consider.

Ultimately, this will help you develop contingency plans, respond effectively to any disruptions, and reduce your dependence on a single delivery route.

Fourth-Party Supplier Concentration Risk

Another set of risks to be mindful of is associated with fourth parties—the suppliers that provide goods and services to your suppliers.

The issue here is not the fact that suppliers rely on fourth parties in their operations.

In fact, leveraging the expertise of specialized sub-suppliers can benefit your organization.

The issue arises when several (or all) of your key suppliers rely on the same sub-supplier(s).

Source: Veridion

Why is that a problem?

Well, when a sub-supplier experiences a disruption, it is going to impact all of your key suppliers and ultimately, you.

Let’s say you’ve made an effort to diversify your supply chain as much as possible.

You’re now working with multiple suppliers that consistently provide high-quality end products at a great price, and you feel secure in your operations.

But what you don’t know is that all of them are sourcing raw materials from the same supplier who has recently experienced an unforeseen incident at their factory.

Because of that, the suppliers you work with are all experiencing a production halt, and are unable to deliver the goods you need.

This is definitely not the kind of situation you want to end up in.

And, as it turns out, neither do the majority of organizations surveyed for Venminder’s 2024 State of Third-Party Risk Management whitepaper.

As you can see below, nearly 60% of them are currently reviewing their vendors’ third-party risk management practices, and 10% go so far as to assess the fourth parties directly.

Illustration: Veridion / Data: Venminder

This begs the question, what can you do to mitigate this risk?

Glen Trudel, Partner at the law firm Ballard Spahr, believes the best course of action is to use the initial vendor due diligence to discuss your suppliers’ sub-suppliers:

“These fourth-party issues can be something that can be identified in an organization’s initial vendor due diligence, and perhaps watched over as part of the organization’s ongoing monitoring to identify these gaps that may inhibit or prevent them from adequately monitoring their important vendors. And, identifying those gaps early on and also enlisting the vendor’s aid in getting those better handled on such downstream providers is an important area.”

Ultimately, it all comes down to transparency and open communication with your suppliers from the start.

So, don’t put off this important conversation and find out who your suppliers are working with.

This is key to identifying hidden risks and building a more resilient supply chain.

Technology Concentration Risk

The final vendor concentration risk on our list today—technology concentration risk—could be considered a sub-type of fourth-party concentration risk.

As we explained, fourth-party risk stems from the overreliance of your suppliers on a single or few sub-suppliers in the broadest sense.

Technology concentration risk, on the other hand, is more narrow.

It focuses specifically on the risks that come from your suppliers relying on a single technology provider or platform for all their critical services.

Brett Callow, Managing Director at FTI Consulting, explains why that is an issue:

Illustration: Veridion / Quote: Leader’s Edge

You may be thinking that to mitigate this risk, vendors simply have to diversify their technology providers.

But, given that the cloud hosting and cybersecurity markets are dominated by a few key players, this is easier said than done.

Many companies experienced this firsthand when the CrowdStrike outage happened in July 2024.

Source: TechCrunch

This security vendor’s primary technology is the Falcon platform, which protects systems against potential threats and is used by companies across different industries all over the world.

The flaw in a content-configuration update caused an outage, crashing about 8.5 million Windows systems.

The impact was detrimental to organizations across different sectors.

For instance, Delta Airlines suffered a revenue impact of $380 million, and the non-fuel-expense impact was calculated at $170 million.

Keep in mind that this was the fallout of an error in a routine software update that was fixed in 78 minutes.

Now imagine what kind of damage a malicious cyber-attack on your suppliers’ technology provider could cause.

But if it’s that challenging for suppliers to diversify their technology providers, is there really anything that can be done about this risk?

Malcolm Marshall, Global Head of Cyber Security at KPMG advises the following:

“Every organization should have a framework for analyzing cyber security and that framework should ideally be integrated into an organization’s existing enterprise risk framework. There are several frameworks organizations can use: The Framework for Improving Critical Infrastructure Cybersecurity published by NIST in the US, Cyber Essentials in the UK, or the international standard ISO27001, which is the most common framework adopted globally.”

On top of that, you can consider investing in risk management software.

UpGuard is an example of one such solution, offering a Fourth Parties module that helps companies detect fourth-party risk exposure in the event of a cyber-attack.

Source: UpGuard

The takeaway from all this?

Yes, you may have limited control over the technology providers your suppliers rely on for their operations.

And yes, there’s little you can do to prevent major outages or cyber-attacks.

But what you can do is adopt robust cybersecurity frameworks and tools.

That way, if worse comes to worst, you know exactly which steps you need to take to come out on the other side with as little damage as possible.

Conclusion

And with that, we have covered the key types of vendor concentration risks that could impact your supply chain.

We’ve shared some real-life stories to illustrate how important it is to try and mitigate these risks, along with practical steps to safeguard your business.

If you’re feeling overwhelmed, know that you don’t have to do it all at once.

Start by taking a good look at your supply chain operations and detect which area needs improvement first.

Is it reducing dependence on a single supplier, or expanding your supplier base across new regions?

Whatever the situation, we hope this article helps you take the first steps in the right direction.