Supply chain digitalization is a key component of many companies’ strategy to improve operational efficiency and competitiveness. Gains from digitalization are undeniable and go from basic inventory and logistics optimization to fully integrated digital networks that can predict and adjust the whole supply chain to changes on customer behavior. The more deeply integrated those networks are, the greater the company’s ability to build a supply chain that represents a true competitive advantage with potential to yield not only superior efficiency, but also enable new business models and revenue streams . However, as a chain is only as strong as its weakest link, such integration can bring major risks and ultimately jeopardize a company’s ability to guarantee the safety of its own customers.
In December 2013, credit and debit card data of 40 million US customers and personal information of about 70 million breached from Target’s computers after hackers infiltrate into their databases through a corrupted system of a third-party air-conditioning firm [2,3,4]. Since then, data security and IT incidents have escalated to become a top concern of Chief Supply Chain Officers overcoming raw material shortages, and logistics disruptions [Figure 1].
Supply Chain Risks
% of respondents that are “very concerned” about each risk year-on-year
Figure 1 [5,6]
Soon after the incident, Target pledged to spend $100 million upgrading its security systems  and, as part of a more recent settlement , the company agreed to further enforce its compliance with Consumer Protection Statutes and deploy a comprehensive Information Security Program to protect personal information it collects from customers. Albeit huge investments on data security, protecting its systems from hacking continues to pose a great challenge to the company. So much so that 4 years after the major data breach, Target acknowledged that it continues to experience data security incidents . As a result of the inability of companies to prevent such leaks, the number of US customers who experienced identity fraud increased 16% in 2016 to a historical record of 15.4M people [Figure 2] resulting on an estimated loss of $16Bi . To minimize financial losses, many companies, including Target, have heavily relied on cyber-insurances that, although effective on compensating the economic aspect of the hacking, is a palliative solution that do not address the root cause of the problem.
US Customers Who Experienced Identity Fraud
Figure 2 
To deliver a higher level of security to its customers, Target’s management should focus on 3 key areas that are highlighted by many specialists  as foundations for a robust and reliable supply chain network.
First, Target’s supply chain needs to be thoroughly mapped and well understood so that all links of the network can have its weaknesses identified and adequately protected [Figure 3]. In addition to that, security systems and protocols must be established and tested to guarantee its efficacy once real threats are identified. A good example comes from the tech industry in which companies like Google run annual simulations of service disruption to evaluate how well teams go through response procedures and manage to keep the systems working and the data safe .
Figure 3: Anatomy of a Supply Chain Breach 
Second, the human factor needs to be addressed. Weeks before the 2013 breach, multiple malware alerts were ignored and prevention functionalities that could have mitigated the extension of the leak were turned off by administrators who were not familiar with the systems . Therefore, a comprehensive training agenda needs to be put in place to educate all employees on basic security measures and also restrict access to sensitive data to a small and well qualified portion of the organization.
Finally, strong cryptography and multi-layer protection should be used to store and transmit sensitive data. Those measures add an extra layer of protection and avoid that, in case of a leak, any of the leaked information be ultimately used.
It is far from trivial, especially for retail companies, to put together such a complex system and many of them have relied on third-party cyber security and insurance firms to mitigate the risks. It is still open to debate, though, to which extend the responsibility for managing customer’s personal information should be transferred to third parties and how much retailers should rely on insurance companies to mitigate the implications related to data breaches. (727 words)
 strategy&, “Industry 4.0 – How digitization makes the supply chain more efficient, agile, and customer-focused,” PwC, 2016
 B. Krebs, “The Target breach, by the numbers,” May 2014, at https://krebsonsecurity.com/2014/05/the-target-breach-by-the-numbers/, accessed November 10, 2017
 E. Kvochko, R. Pant, “Why Data Breaches Don’t Hurt Stock Prices,” Harvard Business Review, March 2015
 X. Shu, K. Tian, A. Ciambrone, D. Yao, “Breaking the Target: An Analysis of Target Data Breach and Lessons Learned,” January 18, 2017, arXiv:1701.04940
 SCM World, “Future of Supply Chain surveys,” 2016
 SCM World, “Chief Supply Chain Officer Surveys,” 2012-14
 Attorney General of the State of New York, Bureau of Internet and Technology, Assurance no. 17-094, “Target Corporation Settlement,” May 8, 2017 at https://ag.ny.gov/sites/default/files/nyag_target_settlement.pdf
 Target Corporation, Form 10K – Annual Statement, January 2017
 Javelyn Strategy & Research, “2017 Identity Fraud Study,” February 1, 2017
 N. Lord, “Supply Chain Cybersecurity: Experts on how to mitigate third party risk,” July 27, 2017 at https://digitalguardian.com/blog/supply-chain-cybersecurity, accessed November 10, 2017
 Wired, “Google Throws Open Doors To Its Top-Secret Data Center”, October 17, 2012, at www.wired.com/2012/10/ff-inside-google-data-center, accessed November 12, 2017
 Combatting Cyber Risks in the Supply Chain – SANS Institute InfoSec Reading Room – September 2015 – page 2
 M. Riley, B. Elgin, D. Lawrence, C.Matlack, Bloomberg, “Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It”, March 17, 2014, at https://www.bloomberg.com/news/articles/2014-03-13/target-missed-warnings-in-epic-hack-of-credit-card-data, accessed November 11, 2017