At Gartner Supply Chain Symposium/Xpo in Barcelona, one theme surfaced across nearly every session and hallway conversation: procurement leaders are no longer debating whether risk exists. They’re trying to figure out how to operationalize it.
Unplanned disruptions are quietly consuming 18% of revenue, and the executives most responsible for managing that exposure spent three days in Barcelona admitting the same thing in different words: that risk isn’t the hard part.
Calculating it, acting on it, and making the business case for it is.
A few sessions sharpened that picture and here are some insights I thought were worth carrying home.
The Real Cost of Disruption Is Being Systematically Undercounted
Martin Schreffler’s session on Total Cost Calculations for Supplier Risk Management was the one of the last sessions of the conference. The room was nearly full.
That tells you something.
This was originally Cheryl Van Dyke’s session. She was out sick, and Martin stepped in and nailed it on the last morning of a three-day conference.
His opening numbers were hard to sit with:
- Unplanned disruptions add 40% to total cost per incident.
- Across a fiscal year, disruptions are consuming 18% of revenue
- In high tech, aerospace, and defense, that can reach 11 billion euros a year
The problem isn’t that organizations are failing to mitigate risk. It’s that they’re failing to calculate the full cost of managing it. That failure is costing them a fifth of revenue.
He walked through a scenario where a team believed they were spending $40,000 to mitigate a supply shortage. When they accounted for the full picture, including the meetings, expedited orders, additional inventory, storage, supplier premiums, and processing overhead, the real cost was $132,000. Over 60% of the cost was invisible because nobody was looking for it.
The other line from Martin that stayed with me: resilience does not equal redundancy.
His exact framing was that “full visibility into one supplier is more resilient than having multiple suppliers.” That cuts against the default instinct. Many teams equate resilience with a second source, a third source, a backup behind the backup.
After the session, I asked him to expand on it. He looked at me like I already knew the answer.
- Deep risk intelligence on a key supplier
- Covering financial health
- Geographic exposure
- Sub-tier dependencies
- Real-time signal
These are infinitely more valuable than spreading volume across suppliers you don’t actually understand. Redundancy without visibility is just more surface area to be surprised by.
The fix isn’t a bigger risk program. It’s a more precise one. Define risk appetite in dollars. If tariffs create $2 million in exposure and moving production costs $5 million, the question isn’t whether you can mitigate it. It’s whether it’s worth it.
The shift Martin was pushing for: from reactive cost center to proactive driver of enterprise value. The path there is better math, not better instincts.
It’s Not the Penthouse, It’s the Foundation
Vas Plessas opened his session, Your AI Is Only as Good as Your Data: Building an AI-Ready Foundation for the Supply Chain, with a story about a luxury building sinking into the ground.
The building featured premium finishes, $10 million units, and beautiful views. One problem: the foundation was drilled into mud instead of bedrock. They saved $10 million on the foundation. The building has since tilted and sunk 18 inches, with repairs estimated at ~$500 million.
Supply chain data is the same story. Organizations have invested heavily in data quality for years, and the infrastructure is real, but it was built for human analysts, not AI. Human analysts can apply judgment when a field is blank or a supplier name is inconsistent, AI cannot. It needs data that is connected, consistently defined, and continuously validated. Most supply chain data is none of those things. That’s the mud underneath the AI penthouse.
He introduced the 3Cs framework:
Connected – Your AI is only as intelligent as the network it can see
Contextual – Shared visibility without shared meaning is still noise.
Continuous – A data foundation decays the moment you finish building it
Martin Schreffler made it concrete. Going to leadership with a $40,000 mitigation cost lands differently than going with $132,000. But $132,000 is the honest number, and it’s the one that creates a real case for the people, technology, and programs that fix the problem upstream rather than managing it in crisis.
Yanni Karalis made a similar point from a different angle in his day one session, Chief Procurement Officers: Act on 4 Key Technology Business Trends to Define Your Priorities.
His framing: four trends are about to define the next several years for procurement leaders, and the commercial environment around them is volatile enough that the difference between leaders and laggards will be how they navigate it.
- Geopolitical volatility: Ongoing instability affecting trade, sourcing, tariffs, and supplier networks.
- AI cost structures: The growing financial and operational implications of adopting AI at scale, including infrastructure, data, and vendor dependency costs.
- Platform lock-in: The risk of becoming overly dependent on a single technology ecosystem or provider, limiting flexibility and negotiating power.
- Sovereignty concerns: Increasing pressure around data residency, regulatory compliance, and control over critical systems and supply chain information.
The instinct to build a 17-domain risk framework is understandable. It’s also why nothing gets done.
His advice was simple: follow the money.
Start with the business processes tied directly to revenue. Trace backward to the suppliers that support them. That’s your risk footprint. That’s where optionality and investment can be justified.
These sessions pointed toward what that fluency looks like: total cost calculations that capture the full picture, data foundations that make AI recommendations trustworthy, and risk appetite defined in dollar terms, not feelings.
Trust Became the Real Conversation
One thing stood out beyond the sessions themselves, and it wasn’t something I expected.
The questions I kept getting in conversations about apexanalytix were different from what I expected. People weren’t only asking about features or integrations. They knew we were a Leader in the Gartner Magic Quadrant for Supplier Risk Management Solutions, capability wasn’t the question, trust was.
How long we’ve been in business. How many employees we have. Whether we’re stable. They knew what we did, but they wanted to know who we are.
At first it surprised me. Then it didn’t.
Supplier risk management isn’t a point solution you swap out when something shinier comes along. It’s a program built over years, with data that compounds and a partner embedded deep enough that switching has real cost. The organizations taking this seriously aren’t shopping for a vendor. They’re choosing a long-term partner, and they want to know that partner will still be here.
It’s the right question. For what it’s worth, apexanalytix has been doing this for over 30 years, and that tenure is the reason our platform’s AI is built on decades of historical context and continuous validation with the world’s largest supply chains.
Off-the-shelf AI fills gaps with confidence. It tells you a story that sounds right, might even be right, but isn’t. That’s precisely not how AI works at apexanalytix. Trust is the design principle, not an afterthought. Our AI knows what it doesn’t know, which, as it turns out, is a rare and valuable quality.
The Playlist Was Better Than Expected
One last thing about Gartner Supply Chain Symposium/Xpo in Barcelona. The pre-session playlist was genuinely excellent. I never thought I would end up sharing a Gartner conference playlist. And yet, here we are.
You’re welcome.
If you want a deeper look at where the supplier risk management market is heading, download the 2026 Gartner Magic Quadrant™ for Supplier Risk Management Solutions. apexanalytix was named a Leader, recognized for both Completeness of Vision and Ability to Execute.
Gartner, Magic Quadrant for Supplier Risk Management Solutions, Martin Shreffler, Cheryl Van Dyke, Cian Curtin, 4 May 2026. Gartner and Magic Quadrant are trademarks of Gartner, Inc. and/or its affiliates. Gartner does not endorse any vendor, product or service depicted in its publications.
