Supply chain risk hasn’t “normalised.” What’s changed is how confidently organisations say they’re managing it – even as the outcomes and underlying constraints tell a different story.
Across four executive surveys run quarterly through 2025 (800 CPOs and CSCOs across the US, UK, Germany and Canada), leaders report near-total confidence in their risk intelligence and reporting foundations. Yet the same research shows disruption losses remain widespread, governance scrutiny is continuous, and structural bottlenecks keep upstream visibility fragile. That contradiction is not a confidence “gap.” It’s a confidence paradox: high assurance in the outputs, paired with admitted weakness in the inputs.
What makes it a paradox (not a gap)
On headline questions, confidence is effectively universal:
- 98% are confident that procurement/supply chain decisions are based on complete, up-to-date supplier data (66% very confident).
- 100% are confident in their ability to detect supplier financial distress before it escalates (50% fully confident).
- 99% are confident in the accuracy and completeness of supplier data used for ESG and compliance reporting.
But when questions become operational, the foundations underneath that confidence visibly weaken:
- 44.5% cite a lack of accurate and up-to-date supply chain data as a barrier to visibility and contingency planning.
- 32.4% cite poor Tier-2+ data quality/completeness as a major challenge.
- 34.8% cite lack of supplier cooperation or data sharing as a major barrier to upstream visibility.
- 35% report fragmented risk monitoring tools.
In other words, leaders express confidence in decision outputs (dashboards, summaries, reports) while simultaneously describing the conditions that compromise the integrity of those outputs. That’s the paradox.
Outcomes don’t match the implied maturity
If early warning and data completeness were consistently decision-grade, disruption outcomes should be materially lower. They aren’t:
- 73% experienced financial or operational losses due to disruptions in the past 12 months.
- 23% reported significant revenue/cost losses.
- 50% reported minor losses.
- Only 8% reported no losses.
- In the financial-health/commodities survey, the mean number of material disruptions is 3.48, and only 5.5% report zero.
This is why the paradox matters: it explains how organisations can feel “mature” while still absorbing disruption as a baseline operating condition.
Governance pressure is now the operating cadence
The paradox is being exposed because boards and CFOs are challenging risk decisions routinely:
- 48.5% say supplier/supply chain risk decisions are challenged weekly or monthly.
- 46.5% say they’re challenged quarterly.
- Only 5% say challenges are rare (and 0% say “never”).
Under this cadence, confidence isn’t useful unless it is defensible - traceable from signal → assessment → decision → action.
The incident data shows risk is not stabilising evenly
Sphera’s incident monitoring data (2023–2025) reinforces that the external environment isn’t “cooling off” in a uniform way. Delivery risk has eased and stabilised, but several harder-to-mitigate categories are rising:
- Viability remains the dominant risk by volume and is accelerating:
- +10.3% in 2025 vs 2024 across Q1–Q3 (after +5.8% the year prior)
- Q3 2025 up ~20.1% vs Q3 2024
- Image & Compliance (ESG) is building with a pronounced late-year surge:
- +9.3% in 2025 vs 2024 across Q1–Q3
- Q3 2025 up ~28.4% vs Q3 2024
- Quality & Performance is the fastest-growing category from a small base:
- +59.4% in 2025 vs 2024 across Q1–Q3
- Q3 2025 up ~73.5% vs Q3 2024
- Delivery declined in 2024 (-12.8% vs 2023) and then stabilised in 2025 (-0.3% vs 2024).
So, while organisations feel increasingly “covered,” the underlying pressure is concentrating in viability, ESG and quality – precisely the categories where weak supplier cooperation and unvalidated upstream data hurt most.
Why the resilience playbook plateaued
Most organisations have already executed the classic playbook:
- 52.5% diversified suppliers geographically
- 40% near-shored/regionalised production
- 55.5% increased inventory buffers
- 53.5% enhanced risk monitoring tools
AI adoption is also now mainstream (94.5% integrated; 50.5% fully integrated), with Yet decision speed remains slow where it matters most: 65% take more than a day up to a week for pre-decision risk reviews, and 30.5% take more than a week up to a month – even though crisis response averages ~19 hours once disruption hits. relying on AI-generated alerts as the primary early-warning mechanism for financial distress.
Yet decision speed remains slow where it matters most: 65% take more than a day up to a week for pre-decision risk reviews, and 30.5% take more than a week up to a month – even though crisis response averages ~19 hours once disruption hits.
The 2026 takeaway: move from confidence to proof
The defining challenge for 2026 isn’t getting leaders to care or adding more tools. It’s resolving the confidence paradox by rebuilding the foundations that make confidence credible:
- Verifiable N-tier visibility (not “visibility as a claim”)
- Supplier engagement at scale (not occasional data requests)
- Data integrity across Tier-2+ (not reporting confidence built on fragile inputs)
- Decision-ready evidence chains that stand up under board scrutiny
Because in a world where risk decisions are challenged monthly – and disruption losses are still reported by nearly three quarters of organisations – confidence without proof becomes a governance liability.
