By Tom Holmes
In an age where cost is critical and cyber security is essential, engaging in a practice that increases prices and risk of attack would be nonsensical. Yet across the world and throughout the industry, 1000s of procurement departments wittingly elevate the price of the products they buy and expose their department to an array of cyber threats each day. The cause? Procurement portals. Buyers have a number of choices when it comes to procurement systems. They can develop their own in-house system and so have their own custom portal. Or they can use the purchasing module of one of the marine software companies. Depending on which of the two dozen marine software companies they use and how they’re set up on that system, they can send procurement transactions in one of three ways. First, they can use emails with the RFQs and POs as attachments. Second, if they wish to avoid manually sending emails they can add a bolt-on platform like ShipServ, so that the transactions go out and back directly into their procurement software. Thirdly, they can enable a buyer portal, a front end which is part of their marine software systems’ procurement module. The supplier has to quote on the portal after being sent an email notification. This last way of operating has seen a significant rise in popularity with buyers in the last few years and it is the slew of buyer portals that is creating a problem of epidemic proportions for suppliers, the ramifications of which are being passed back to the buyer. “These buyer portals create an unwanted and unnecessary administrative burden for suppliers,” says ShipServ’s Kim Skaarup. When there were just platforms, of which ShipServ is one, suppliers only needed to learn and use a very small number of formats. But, with the
rise of dozens of buyer portals, the number of different formats to learn and maintain grows dramatically. And this produces the additional costs to serve for suppliers. As Kim Skaarup concludes: “That extra burden translates directly as cost to the supplier, which is inevitably passed on to the buyer.” He continues, “Buyers aren’t willing to spend a small amount on a solution that comes from an established platform with ISO standards and high security measures. They prefer to build their own, pass the workload over to the supplier, continually add information fields for suppliers to update, add new passwords to remember and different processes for each portal to learn. “This just adds costs, time and complexity, which is passed back via the cost of the products or services. Yet the buyers don’t even see it or close their eyes as the cost is buried in the product. It’s therefore not hard to see why this is such an issue.” And now on top of this many buyers are starting to request the suppliers to upload delivery proofs and invoices. Carsten Schmidt, Senior Vice President at ShipServ is all too aware of the problem. He says that for the many suppliers he has spoken to, the buyer portals are ‘irritating’ because of the added work they create, a sentiment he believes is the tip of the iceberg. “It’s worth remembering that the buyer portals that sit on the front end of their system are created by people whose main business is not focused on building or managing procurement systems. Often these front end portals are unstable, illogical to the supplier, lacking functionality, unsafe and unsecure. These portals are not wanted in the industry, but buyers perceive them as a way of saving a small amount of money in the short term.”
2
The extent to which this is a problem is underlined by a growing a trend among suppliers to vote with their feet. Faced with security risks, convoluted quoting processes and unclear return on their time investment, many are taking evasive action. “It’s reaching the point where some suppliers are refusing to do business with some buyers because the portal interfaces are so problematic,” says Carsten. “What does that say about the purchasing process at the buying organisation when a supplier assesses the value of working with them and finds that it’s a better use of their time not to? For a highly competitive industry, that is a huge decision for a supplier to make. “At the end of the day, technology is here to facilitate better communication between users. What we are seeing with the buyer portals is totally counterproductive to what we want to see with the digitalised processes. It’s also counter to the desire for the industry to become more collaborative.”
Real and present danger. In the wake of the NotPetya attack on Maersk in 2017, the shipping industry has woken up to the very real and present danger posed by cyber threats, though only by degrees. The very public crippling of the shipping behemoth took a huge slice of its credibility, not to mention $300m in lost revenues and then some again to rectify the problem and protect itself. Few other companies in the industry could withstand a triumvirate of blows that hard.
“Buyer portals have really weak access because it would make it too cumbersome for suppliers to access enquiries and update quotes if controls were tighter,” says Kim Skaarup. “Often a link sent to a supplier can be accessed by anyone, so it’s really easy for a hacker to use as an entry point for sabotaging company infrastructure.” When you consider that buyers send 1000s of links to suppliers without knowing what type of security controls the recipient has in place, the risk of exposure is magnified on a grand scale. A supplier, for example, could fill out a form and return to the buyer, who will in turn open and upload the data. If that attachment or data contains a virus – or worse, if it is intercepted and copied by a hacker and returned with malicious links – the virus will be spread across the buyer’s entire internal network – at considerable cost to their organisation. “We have this daily balancing act,” one supplier, who wished to remain anonymous, said. “Everyday we receive fake links from hackers directing us to unsecure sites from which we can be hacked. “Between those we have genuine links that come directly from portals, which have to be checked, scanned and processed. They’re also not without problems because so many of the links can be accessed by anyone, so we’re aware that our data could potentially be seen by anyone. It’s as laborious as it is concerning. At the end of the day, we want to do a good job for our clients, but it’s becoming harder and harder to do so.”
If not from a cost standpoint, then it is in Maersk’s context that procurement should be evaluating its use of buyer portals. If that statement seems hyperbolic, it’s worth remembering that NotPetya was a simple malware, a type of virus most often spread by opening an infected link or attachment in an email disguised a genuine communication. Portals are ripe for the picking.
3
Head in the sand? All this begs the question as to whether buyers that use marine software systems’ portals or bespoke, homemade portals are aware of the problems they cause? And if they are, why do they persist? From the buyers we spoke to, the message was that some companies considered it far more convenient to build their own portal to their own requirements than using a platform provider. But that is, as Kim Skaarup says, very short sighted given the problems they create further down the line. A procurement specialist we spoke to added that marine software systems are not always optimised for purchasing. Often, basic functionality is prioritised over procurement functionality, which means that data and reporting functions are sometimes missing – something he says isn’t the case with other options.
buyer uses. ShipServ, for example, connects 40 different software systems to its platform today.” The procurement specialist we spoke to echoed Kim Skaarup’s sentiment, adding that he is against using portals, especially if it’s not benefitting both parties. “There are clearly problems for the supplier. And if it’s only causing them troubles, then I don’t see any reason to use it. “You may make small savings financially, but those savings are very low, compared to what you can actually gain if you cooperate with the supplier, and have your processes better enabled together. And then, both parties will be a lot more satisfied. We ought to really be looking for the win-win.”
It’s worth remembering too, that the cost of building, maintaining and reinventing bespoke portals when systems are changed is considerable both up front and over its lifetime. According to one source we spoke to, who has been down that route, the result can be a piecemeal software suite, a hotchpotch of comms, supply, finance and accounting software that is optimised for nothing. For Kim Skaarup, it serves to highlight a wider problem in the industry about the perception of what independent platforms like ShipServ bring to the table. “It illustrates that buyers don’t fully understand the benefits which arise from using a platform and how we improve their connectivity. To connect to their suppliers is a matter of data communication and nothing to do with which software system they use or a lack of functionality. Independent platforms like ShipServ are not procurement systems or maintenance systems, they’re an addon to the existing procurement system that the
4
About ShipServ The ShipServ proposition is simple: It helps marine and offshore buyers to find the best suppliers easily, trade efficiently and build trusted relationships. Buyers speed up their purchasing process and save money. Suppliers serve customers better and find new customers and markets.
260
shipowners and managers
>73,000 suppliers
$4b
current annual value of trade
Where ShipServ comes in for buyers ShipServ helps procurement teams improve their performance and make the most of the investment in their current procurement system. It does this through increased efficiency and productivity; providing data and benchmarks for better decision making; removing much of the daily manual, repetitive tasks; and enhancing cyber security. Regardless of which procurement system you currently use, adding ShipServ to it will enable the following benefits: • Efficiency improvement of 30% or more is typically achieved • 100% coverage of your suppliers, guaranteed • Supplier performance reporting • Leading benchmarks • Excellent supplier response rates and speed • Enhanced procurement cyber security • Easy plug in to all maritime software systems • We’re the only platform equally committed to both buyers and suppliers • Trusted by more ship operators than any other. Today, over 260 leading ship owners and managers, and their 10,000 vessels, put their procurement through ShipServ.
To contact ShipServ email: marketing@shipserv.com To find out more, visit our website: shipserv.com or follow us on Twitter or LinkedIn You can also download our ebooks from the website
5