As if CEOs didn’t already have plenty to keep them up at night, here’s a pair of nightmarish supply chain risk statistics, from a just-published study conducted by Deloitte Consulting:

• 53% of the global executives surveyed say that supply chain disruptions have become more costly to their organizations over the last three years; and yet

• 45% say their supply chain risk management programs are either only somewhat effective or aren’t effective at all.

“Supply chains are increasingly complex, and their interlinked, global nature makes them vulnerable to a range of risks,” explains Kelly Marchese, principal, Deloitte Consulting LLP, who specializes in manufacturing operations and supply chain strategy. “This increased complexity, coupled with a greater frequency of disruptive events such as geopolitical events and natural disasters, presents a precarious situation for companies without solid risk management programs in place.”

The definition of supply chain risk itself depends on who’s doing the defining; Deloitte claims it has identified and documented more than 200 different sources of significant supply chain risk. Broadly speaking, though, there are four basic categories:

Macro-environment risks, which occur outside a single company’s supply chain and include natural disasters such as hurricanes and earthquakes; political unrest; economic recessions; and severe raw material shortages.

Extended value chain risks, which arise from problems with Tier 1 and Tier 2 suppliers, outsourcers and customers.

Internal operational risks, which tend to occur within various operational areas of a company, from product development to manufacturing to distribution.

Functional support risks, which take place in support areas of a company, such as HR, finance, legal and IT.

Of the four categories, the type that executives are most concerned about are risks within the extended value chain, with 63% ranking it as either # 1 or # 2 in importance. Executives see margin erosion as the most costly outcome of a supply chain disruption, with 53% of the response, and another 40% identified sudden demand change as a potentially costly outcome.

In fact, these potential risks have caught the attention of senior management, as 71% of the respondents say that supply chain risk management is an important factor in their strategic decision-making, and nearly that many (64%) say they have a supply chain risk management program in place. Why then do nearly half (45%) say they lack confidence in these programs, and why do only 13% say their companies are extremely effective at risk management? The top two reasons are: lack of acceptable cross-functional collaboration (32%), and cost of implementing risk management strategies (26%). The silo mentality at many companies also plays a part, since risk management programs tend to be organized around silos, which can impede visibility and collaboration—the very qualities supply chain management depends on.

“Many companies have some form of a supply chain risk management program, but unfortunately they do not always get the results they need from these programs,” says Marchese. “To be effective, companies should take a holistic and integrated approach to managing supply chain risk and go beyond traditional approaches.”

The most effective risk management strategy, according to the Deloitte survey, is to build stronger extended value chain relationships (24% of respondents), followed closely by developing business continuity and risk contingency plans (23%). Many types of tools are available to assist in the development of these programs, with financial risk modeling tools being the most prevalent choice (45%), followed by supply chain operational modeling (44%), supply chain mapping/visualization tools (42%) and risk intelligence data (42%).

Disruptions are always going to occur, Marchese points out, but companies can go a long way toward reducing their impact by “building in the ability to recover efficiently.”