The COVID-19 pandemic has placed healthcare systems around the world under tremendous pressure, which has in turn posed a major challenge for the medtech industry to meet increased demand for its products. In recent months, medtech companies have learned a lot about their supply chains, as the pandemic exposed vulnerabilities in both supply-chain infrastructure and its performance—leaving many companies reflecting that, “we didn’t know what we didn’t know.” Now that these vulnerabilities have surfaced, there is an imperative to address them. The alternative could leave the same supply chains exposed not only to future waves of the pandemic, but also to other supply-chain shocks.
While COVID-19 has caused an exceptional level of disruption, it is not the only threat to the medtech value chain. Other sources of disruption include force-majeure events (such as climate change or natural disasters), macroeconomic and political conditions (including trade-policy or regulatory changes), malicious actions (cybersecurity, intellectual-property theft), and counterparty issues (such as financially fragile suppliers). Recent research from the McKinsey Global Institute (MGI) has highlighted that disruptions from a shock in one of these categories is frequent, and that on average, a shock lasting more than two months occurs every 3.7 years (Exhibit 1).
The research further estimated that within a ten-year period, shocks could cause some medtech companies to lose approximately 38 percent of one year’s earnings (Exhibit 2). This figure is based on modeling numerous potential supply and demand disruption scenarios. Although the higher inventory levels typical in medtech provide a degree of protection compared to other sectors, operations leaders generally recognize that inventory alone cannot protect against all shocks. Moreover, high inventory levels not only translate to higher working capital requirements, but also conceal other supply-chain inefficiencies.
The finding highlights a need for medtech companies to continually evaluate and mitigate vulnerabilities that could compromise quality or security of supply—a particularly important factor given both the direct impact their products have on patient outcomes and the regulated nature of the industry. A broader look at end-to-end supply-chain resiliency is essential for long-term planning and agility; the COVID-19 pandemic has created a clear mandate to act on this now.
Lessons learned from the COVID-19 pandemic
Applying pressure to a system reveals a lot about its true capabilities and resilience. The pandemic has ratcheted up pressure on several fronts at once, in the form of extreme demand spikes for COVID-19-related products, extreme demand drops for certain unrelated products, sudden raw-material and parts-supply disruptions, and an urgent need to protect workforces against the risk of infection. Black-swan events such as the COVID-19 pandemic—those characterized as high-impact and hard-to-predict—could apply pressure in any one of these areas. However, the effects of these pressures are exponentially higher in medtech, whose supply chains are global, multitiered, and need to meet regulatory requirements.
Vulnerabilities can be found along the entire value chain.
- Plan. End-to-end supply-chain visibility is priceless, but rare. Many companies now face increased exposure in their planning processes because their forecasting algorithms rely too heavily on historical demand.
- Source. Medtech manufacturers rarely have strong visibility into their supply chains past the immediate supply base. And even for these tier-1 suppliers, few companies monitor a holistic set of factors, including ones with strong predictive capability. Most lack the latest intelligence about the financial resiliency of their tier-1 supply base, and even fewer have visibility into tier-2 and -3 suppliers. That gap could be particularly costly now because some small- and medium-enterprise suppliers may lack liquidity to outlast the current challenges. Furthermore, too many companies rely on sole-source suppliers for critical components or select finished goods.
- Make. Medtech supply chains typically have been optimized for stability, with the aim of assuring regulatory compliance; technology transfers and new-product qualifications are rightfully thoughtful and deliberate. Differing regulatory requirements and approvals make for high levels of product and SKU fragmentation across regions, limiting the ability to distribute products (and components) where most urgently needed—and, in some cases, constraining production acceleration as well.
- Deliver. Logistics systems have been particularly challenged as closed borders, physical-distancing restrictions, and stay-at-home orders reduced the workforce’s capacity to keep goods moving, both nationally and internationally. More generally, logistics systems are susceptible to external shocks on global supply sources, whether due to external events such as natural disasters or changes in trade policy. Individual companies can be even more exposed when they depend on a single source of transportation, such as air freight.
Nevertheless, as the next normal takes hold, “we didn’t know what we didn’t know,” can be replaced with “we know now what we didn’t know before.” Understanding vulnerabilities is arguably more important—and more achievable—than trying to predict disruptions. With this understanding comes the resiliency imperative for medtech supply chains.
How to approach supply-chain risk management
When thinking about how to build a resilient supply chain, companies can follow a structured approach—first, to surface potential vulnerabilities, and then to establish mitigation plans designed to strengthen continuity of supply and operational health, both financial and nonfinancial (see sidebar, “What is a resilient supply chain?”). For medtech companies, continuity of quality supply is paramount, as it is critical to patient care and healthcare-worker protection.
While the process of risk assessment could seem daunting, a well-established analysis can help operationalize it (Exhibit 3).
Segment the business and products based on criticality
Medtech companies can prioritize their product portfolios based on two important dimensions of criticality.
- Criticality to patient outcomes. To what extent is each product critical for patients’ life support? Are suitable alternatives available? How acute would expected demand be in a healthcare crisis scenario?
- Criticality to the business. To what extent is each product critical to the health and viability of the business? Which products serve strategic markets or priority customers? Which products represent the highest proportion of business profit? Which products are most strategic for near-term or long-term growth?
The intent of this exercise is to bring clarity, attention, and organizational alignment to the products most important for ensuring supply continuity.
Conduct detailed risk diligence
Next, it’s important to examine the vulnerabilities that may arise in each node of the supply chain—companies should prioritize their suppliers, manufacturing plants, and distribution centers by criticality. This calculation is defined by the contribution of each factor to the overall revenue of the company. For example:
- Suppliers. What proportion of overall business revenue is tied to each supplier? What proportion of total procurement spend is associated with each supplier? Which products have only single sources, or sources in a single geography?
- Manufacturing locations. What proportion of total revenue or profit is associated with each manufacturing facility?
- Distribution network. What proportion of total revenue is attributable to each distribution center? What proportion of total inventory is located at each distribution center?
Once this prioritization is complete, the company can examine structural and operational vulnerabilities, as shown in Exhibit 4. It is worth the exercise to consider each category thoughtfully, together with the degree of vulnerability in the supply-chain node. Evaluating vulnerabilities across the framework can help ensure that proper mitigation plans are in place, leaving no gaps in resilience.
We strive to provide individuals with disabilities equal access to our website. If you would like information about this content we will be happy to work with you. Please email us at: McKinsey_Website_Accessibility@mckinsey.com
It can be overwhelming to determine where to start or focus resources. Implementing a meticulous prioritization methodology that includes impact (business and patient), risk severity, likelihood of occurrence, and mitigation potential (ease of switching suppliers) for each critical area in the supply chain provides a data-driven way to focus efforts.
Build resilience and mitigate risks
To manage risks that are classified as more likely to occur and to be of higher severity, a multilayer risk-mitigation process can be deployed, following a set of guiding principles.
- Focus on root-cause challenges—not just symptoms. When developing and enacting risk-mitigation levers, identifying the root-cause problems leading to each risk is vital so that stakeholders can take effective action to solve them. Although symptoms are often easier to identify, correcting for the root cause can ensure that risks are mitigated quickly and comprehensively.
- Design mitigation layers to be complementary. The first, foundational line of defense against vulnerability is a well-performing supply chain. Additional layers of defenses should function together so that collectively they provide strong protection. While any one layer of defense may not fully protect against all important risks, care should be taken so that together, the mitigation layers preclude important risks from having negative impacts on crucial segments.
- Clearly calculate each layer’s cost and benefit. The return on investment of each mitigation layer can be determined by explicitly calculating its cost and potential benefit. This step functions not only as an indication of the layers’ value to the company, but also as a tool in communicating the importance of risk mitigation to other stakeholders, such as investors.
Monitor and track risks
For both critical and noncritical segments, companies can identify (and then monitor) factors that prove to serve as early indicators of risk; occasionally, these signals may point to new, previously overlooked risks. To support these monitored indicators, the company can establish a set of triggers that would prompt a formal review of the relevant risk and a decision on any corrective or mitigating action. An appropriate governance structure then helps ensure regular reassessment of the indicators while tracking the implementation of mitigation plans (Exhibit 5).
An imperative to act
The COVID-19 pandemic has delivered a mandate for medtech companies to build supply-chain resilience. Six questions can help companies shape their actions in mitigating against future risks.
- How much demand variability must the supply chain accommodate? And how much could it accommodate without additional investment? Answering these questions requires the organization follow rigorous sales and operations planning (S&OP) processes in assessing potential demand volatility—while continually reevaluating total capacity in manufacturing and supplier networks, for both raw materials and finished goods. The resulting data can help in formulating a risk-management plan to mitigate fluctuations from external shocks.
- How much additional variability can be managed through contingency investments in inventory or capacity? The amount of emergency stock to be kept is a function of the cost to manage the inventory (including working capital), versus the severity of the risk should the stock level prove to be insufficient during a shortage.
- How exposed are our critical products to supplier vulnerabilities, such as sole-sourcing contracts? Managing suppliers and developing partnerships with them can help alleviate any risk they may pose within their respective supply chains. Strategies such as dual sourcing, partnerships with suppliers who have a wide range of capabilities, and assessing suppliers’ financial and operational stability can be leveraged according to the criticality of the part or product, based on patient vitality and business importance.
- Could external partnerships increase the effectiveness and reduce the cost of mitigation levers? Regardless of risk-management plans, companies can usually assess external partnerships and utilization of third-party services based on the company’s own mission and strengths within the industry. By assessing where external partnerships are better positioned than internal management to aid in risk mitigation, a reduction in overall cost can be achieved.
- To what extent is local capacity a requirement for critical products? Assessing the overall manufacturing network and reviewing decisions for where products should be manufactured can aim not only to optimize efficiencies, but also to ensure that production risk is managed across sites. Inputs such as compliance with trade agreements and any geopolitical risks also factor into network design. For any product with a single global manufacturing center, mitigation plans are especially important to ensure continuity of supply.
- Is there a senior leadership voice (from the board on down) to require and support a well-planned risk-management approach? Risk-management plans often fall short because of weak support during execution, underscoring the need for leadership from the top before a risk event occurs.
Companies have an opportunity to redefine resilience and write a new narrative where resiliency and efficiency can occur simultaneously, with minimal cost. In a complex, fast-changing, and unpredictable environment, the time to build supply-chain resilience is now.