This is the time of year when journalists get bombarded with pitches from PR firms. The pitches share a “sneak peek” of the predictions that a CEO at a solutions company is making and then asks the journalist if they want to interview the CEO. These predictions mostly seem obvious.
I got a pitch from the PR firm representing Everstream Analytics that was different. Everstream Analytics is sitting on a vast trove of risk data. The company applies AI and other analytics to this data to provide supply chain risk analytics and insights to its clients. In short, what makes them different is that they can quantify and thus prioritize supply chain risks.
Their 2025 outlook identifies the five most likely supply chain events that will impact supply chain operations this year. Each event is assigned a risk score.
Drowning in Climate Change
This is the top risk identified by Everstream. They apply a risk score of 90% here. “Flooding has become so volatile that even nations with the most sophisticated weather warning systems and infrastructure are caught off guard by the ferocity and speed of sudden flash flood events. Companies will be upended by even more frequent small-scale events and larger-scale storms like Hurricane Helene’s unexpected and extensive destruction across several states in the U.S. Appalachia region in 2024.”
The company points out that forecasted rainfall totals for Helene were very accurate one week in advance of the flood that devasted the Blue Ridge mountain region of North Carolina. “But nobody in that region had ever experienced or even expected that amount of rainfall in such a brief period. The existing infrastructure (bridges, roads, rails) was built in the past and was insufficient to handle these copious rainfall totals. The damage impacted more than 50 electronics, automotive, and aerospace manufacturers, plus general machinery and materials processors, and medical device and health care companies.”
Climate change is causing more frequent and intense extreme weather events around the world. In 2024, flooding events contributed to 70% of the weather disruptions covered by Everstream Analytics.
So, what can companies do about this risk? They recommend looking at key company-owned facilities and those run by key partners and suppliers. The “evaluation should include a review of area infrastructure, egress routes, and waterways. Pay attention to applied meteorology forecasts as far in advance as possible and take flood warnings particularly seriously. Prepare for the worst and react aggressively.”
Geopolitical Instability with Increased Tariff Risk
Everstream applies a score of 80% to this risk. “International political and economic relations are destabilizing, caused by political upheaval, ongoing skirmishes, and full-scale wars. In 2025, it will be impossible to avoid conflict and its impact on sourcing, manufacturing, and logistics.”
The report cites intensified political turmoil in the Middle East, including the Israeli-Hamas war and its spillover, the Syrian civil war, and continuous Houthi attacks on Red Sea vessels. “Even if the traffic along the Suez Canal route returns to full throttle in 2025, this shift would cause weeklong processing delays, container backlogs, and a spike in congestion at many European seaports due to the sudden increase in cargo volume.”
In Ukraine, Russian forces now occupy around 20% of the country. Additional support from Western allies looks less likely. It is likely Russia will be able to destabilize Ukraine’s remaining manufacturing and trade activities and that further strain between Europe and Russia will result.
In Asia-Pacific, China believes Taiwan rightfully belongs to them. This has led to the souring of cross-strait relations between China and Taiwan as Taiwan exhibits more political independence. Even if an invasion of Taiwan does not happen this year, the military drills around Taiwan in recent years and comments that “more or bigger Chinese military exercises could disrupt transportation through significant seaports and airports in the region. Nearly a third of all global trade – and 40% of all globally traded petroleum products – flows through sea lanes in the region.
Meanwhile, tariff increases always affect global trade flows. President Trump has proposed tariff increases, including a global baseline tariff of 10–20%, a 60% tariff on Chinese imports, and a 100% tariff on goods from de-dollarizing countries. De-dollarization is an effort by several countries to reduce the role of the U.S. dollar in international trade. Countries like Russia, India, China, among others, are seeking to set up trade channels using currencies other than the dollar.
The key strategy, according to Everstream, is to understand the multi-tier supply sources by country so that a company can make sourcing adjustments when an event occurs. If a company can do this more quickly than its competitors, that leads to a competitive advantage.
More Back Doors for Cybercrime
Everstream assigns this risk a score of 75%. “While a company’s cybersecurity front doors may be double-bolted, but there are more unlocked back doors than ever available to increasingly sophisticated attackers. In 2025, cyberattacks will primarily arrive via sub-tier supply chains, where criminals can more easily exploit common programming errors and vulnerabilities. They can then leapfrog into top-tier corporations via phishing, software connection links, or other methods.”
Cencora, a sub-tier pharmaceutical supplier, had a security breach in the early spring of 2024. At least 11 global pharmaceutical companies linked this breach to their later ransomware and phishing attacks. Everstream’s data document 471 attacks in 2024. The data shows that cyberattacks were particularly common in the electronics, logistics, and consumer goods industries.
Larry O’Brien, a vice president at ARC Advisory Group, says that an European Union regulation known as Network and Information Systems Directive 2 provides a good framework for companies to follow to bolster their supply chain cybersecurity capabilities. While NIS 2 is an EU regulatory framework, NIS 2 applies to companies headquartered outside the EU if they provide goods and services within the EU. “Adopting a risk management framework for cybersecurity is something that all manufacturers should be doing,” Mr. O’Brien points out. “As with any regulatory framework, NIS 2 tells you what needs to be done, not always how to do it.”
Rare Metals and Minerals on Lockdown
The score assigned to this class of risks is 65%. “Countries and companies alike are recognizing global mineral scarcity coupled with increasing demand, and both are responding by locking up supplies.” Between rising regulations, new tariffs, and long-term or exclusive contracts, rare minerals and metals will be harder and more expensive to obtain.
“Within a politically charged atmosphere between the West and the major commodity producers—China and Russia—companies will face new tariffs and sanctions on critical metals. Governments are placing renewed emphasis on the negative environmental and social impacts of mining, which will present challenges for metal producers over the coming year.”
But, China is not the only nation with proposed or enacted commodity restrictions. “Political tensions over the Russia-Ukraine war led to restrictions on Russian metal imports by the U.S. and the UK. Additionally, security concerns and allegations of industry product dumping led many countries to enact measures against Chinese metal imports.”
As concerns mount surrounding critical commodities, companies are increasingly turning to direct mineral purchasing agreements with mines. However, when a nation supplies an overwhelming majority of a mineral based on mining or processing, direct agreements with mines may have limited value. Graphite, for example, is a core raw material for producing Lithium batteries which are core to the electronic vehicle market. 80% of the world’s graphite is produced in China.
Crackdown on Forced Labor
No nation’s enforcement of any ESG issue comes close to the US Customs and Border Protection Agency’s enforcement of the Uyghur Forced Labor Protection Act. $3.7 billion in shipments have been detained at the border based on enforcement of this act. In some cases, the shipments are eventually cleared, but only after supply chains were disrupted and demurrage charges accrued. But a significant proportion of shipments were never allowed entry into the US.
What gives the US act teeth is that “the ‘rebuttable presumption’ part of UFLPA is truly unique. Anything coming out of Xinjiang is presumed to have used forced labor unless an importer can prove the negative. There is also a lack of a de minimis exception; this means that even an insignificant input of product produced in whole or in part with forced labor could result in enforcement action.
While the UFLPA is the most stringent, other nations and regions have also enacted forced labor legislation. These include the EU’s Corporate Sustainability Due Diligence Directive (CS3D) and regulation on Prohibiting Products made with Forced Labor (FLR); Mexico’s Forced Labor Regulation; and Canada’s Fighting Against Forced and Child Labour in Supply Chains Act.
This class of legislation has pushed many companies to find alternative suppliers in other low-income countries, many emerging economies do not have adequate laws or enforcement mechanisms. This is particularly true when sub-tier suppliers employ migrant labor.
The technology exists to detect whether a company’s supply chain includes sub-tier suppliers based in the Uighur region of China. This technology is not flawless, there can be false positives and misses. Nevertheless, it is a powerful tool to prevent shipments from being detained based on UFLPA.
However, finding bad actors among sub-tier suppliers in other parts of the world is still difficult. Everstream points out that the food industry is a particular source of concern. Vanilla, palm oil, cocoa, and soy – produced in Madagascar, Indonesia, Cote d’Ivoire, Ghana, and Nigeria – have frequently accrued violations and allegations based on child labor or forced labor issues.
