The Tier 2 and Tier 3 Blind Spot: Where Supply Chain Risk Really Hides


In McKinsey’s 2025 survey, 95% of global supply chain leaders said they have visibility into their Tier 1 supply chain risks. But when it comes to Tier 2 or beyond, only 42% have visibility. That means over half of organizations are operating with limited or no insight into the deeper layers of their supplier network. And that’s exactly where risks tend to hide. 

Learn more about why Tier 2 and Tier 3 suppliers (also called fourth and Nth parties) remain largely invisible, what risks hide in those tiers and how organizations can start closing the visibility gap.

Key Takeaways

  • 95% of supply chain leaders have visibility into Tier 1 risks, but only 42% see Tier 2 or beyond, resulting in hidden risks.
  • Organizations struggle to monitor Tier 2 and Tier 3 suppliers due to a lack of direct relationships and limited data sharing from Tier 1 suppliers.
  • Understanding the complexities of sub-supplier networks is crucial, as risks may remain unnoticed until they disrupt operations.
  • Businesses must map their entire supply chain to identify hidden vulnerabilities and mitigate risks effectively.
  • Improving supply chain risk visibility requires building transparency with Tier 1 suppliers and utilizing technology for centralized data tracking.

Understanding Supplier Networks in a Supply Chain

When your organization partners with a supplier, you may not be relying on that one business alone for specific materials. That supplier may have its own suppliers (that in turn rely on others, too). The result is an interconnected network of vendors, including many that your company may never interact with directly but that are still key players in your supply chain.

To make sense of this network, organizations usually group suppliers into tiers, such as:

  • Tier 1: Suppliers you buy from directly (the ones you have contracts with and pay for components, raw materials or services)
  • Tier 2: Companies that supply materials or parts to Tier 1 vendors
  • Tier 3: Suppliers to Tier 2 companies

The higher the number of tiers in the network, the less visible your supply chain risk tends to be. But why does that happen? 

Why Tier 2 and Tier 3 Suppliers Are Difficult to Monitor

Large international companies can have hundreds or even thousands of Tier 2 and Tier 3 suppliers (also known as sub-suppliers). Several reasons make it difficult to identify all of them and manage the supply chain risks they introduce. 

No Direct Relationship 

Businesses have contracts with Tier 1 suppliers, but not with Tier 2 or Tier 3 vendors. Without formal agreements, your organization lacks a direct relationship with them. 

That means you can’t request data from Tier 2 and Tier 3 suppliers, conduct audits or monitor their inventory levels. You may not even know who they are in the first place. 

Limited Data Sharing by Tier 1 Suppliers

A lack of Tier 2 and Tier 3 visibility may not be entirely the organization’s fault. There are two main reasons that Tier 1 suppliers may fail to disclose their supply sources: 

  • They lack visibility into their own supply chains. 
  • They consider information about their suppliers confidential to avoid direct-sourcing competition.

In such cases, businesses have no visibility into Tier 2 and beyond, and you can’t monitor sub-suppliers you don’t know about.

Lack of Subtier Mapping

When organizations create a visual representation of their suppliers across regions and categories, most stop at, or at least heavily prioritize, Tier 1 vendors. That leaves them with clear visibility into direct suppliers but limited or no view of Tier 2 and Tier 3 relationships.

The resulting blind spots make it difficult to identify hidden dependencies related to indirect suppliers, which may introduce new supply chain risks. The risks may remain unnoticed until they cause a crisis. 

Data Fragmentation

Information about direct and indirect suppliers might be available in an organization. But if that data is scattered across multiple systems and managed in isolation by different teams, it’s difficult to create a complete picture of Tier 2 and Tier 3 supplier risks. 

What Supply Chain Risks Hide in Tier 2 and Tier 3? 

Businesses rely on a complex web of suppliers, and each comes with its own supply chain variables that create risks. Mitigation strategies focused only on direct suppliers may fail to address vulnerabilities in Tiers 2 and 3. Understanding the hidden threats you might encounter with vendors beyond Tier 1 can help you prepare early and improve supply chain resilience. 

Ethical Concerns and Regulatory Compliance Issues

In 2012, the Fair Labor Association reviewed Nestlé’s supply chain and found that some exporters in Côte d’Ivoire who sold directly to the company were sourcing cocoa from farms linked to child labor practices.

Without multi-tier supplier visibility to identify and address these issues, organizations may suffer reputational damage once they are exposed. Besides customers and stakeholders losing trust in a brand, ethical concerns can also cause legal issues. For example, Nestlé had to fight a lawsuit in US courts regarding child labor in its supply chain. 

Cybersecurity Threats

In 2018, TSMC, the world’s largest chipmaker and Apple’s supplier, was the victim of a cyberattack after failing to scan a new software tool from a third party. The tool spread a ransomware virus, which locks victims out of their systems until they pay a ransom, to over 10,000 machines and information systems in TSMC’s factories. 

The attack disrupted production and delayed shipments. While Apple’s own systems were not breached, the tech giant was still affected by the delays in TSMC factories.  

The incident shows how cyber risks at a supplier (and their suppliers) can spread throughout the network, causing supply chain disruptions in organizations that aren’t directly connected to the original breach.

Single-Source Risk

A company with several Tier 1 suppliers for the same product may think it has diversified its supply sources. But if all of them rely on the same Tier 2 supplier for key components or raw materials, it creates a hidden single point of failure. 

If that Tier 2 supplier experiences major disruptions or shortages, the impact can spread across multiple Tier 1 vendors at once. The disruption can halt production across the organization.  

How to Increase Supply Chain Visibility

Knowing who your sub-suppliers are and how they impact your product sourcing increases your supply chain visibility. Several actions can help you get a clearer multi-tier supply chain view, which you can use to improve your risk mitigation strategies. 

Work With Your Direct Suppliers to Build Transparency

Use disclosure agreements that require Tier 1 suppliers to reveal where they source their materials and whether they rely heavily on a particular Tier 2 supplier. These are useful insights for assessing your supply chain risks. 

But what if Tier 1 vendors consider their supply sources confidential or lack visibility into their own supply chain? Risk management teams may need to develop a theory of Tier 2 and Tier 3 risks based on where they traditionally source materials, or research other helpful data sources (such as news and expert reports). 

Map Your Tier 2 and Tier 3 Suppliers, Not Just Tier 1

When you create a comprehensive visual representation of sub-suppliers, you can see hidden relationships beyond the first tier that carry critical risks. That visibility helps you identify:  

  • Single points of failure
  • Concentration risks (sub-suppliers existing in the same area)
  • Ripple effects of cyber and compliance risks in Tiers 2 and 3
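
Once the sub-supplier relationships are recorded as data, the first two items can be checked mechanically. The Python below is an added example, not part of the original article or of any vendor product; the supplier names, regions and function names are constructed for illustration. It walks the dependency map from each Tier 1 vendor and reports sub-suppliers that every Tier 1 vendor relies on, plus a per-region count.

```python
from collections import Counter, deque

# Constructed sample data: supplier -> the suppliers it buys from.
SUPPLIES = {
    "T1-Alpha": ["T2-Resin", "T2-Chips"],
    "T1-Beta": ["T2-Chips", "T2-Metal"],
    "T1-Gamma": ["T2-Board"],
    "T2-Board": ["T3-Wafer"],
    "T2-Chips": ["T3-Wafer"],
    "T2-Resin": [],
    "T2-Metal": ["T3-Ore"],
}
TIER1 = ["T1-Alpha", "T1-Beta", "T1-Gamma"]
REGION = {"T2-Resin": "EU", "T2-Chips": "APAC", "T2-Metal": "EU",
          "T2-Board": "APAC", "T3-Wafer": "APAC", "T3-Ore": "LATAM"}

def upstream(vendor, supplies):
    """Return {sub_supplier: tier} for everything a Tier 1 vendor depends on."""
    tiers, queue = {}, deque([(vendor, 1)])
    while queue:
        node, tier = queue.popleft()
        for dep in supplies.get(node, []):
            if dep not in tiers and dep != vendor:  # guard against cycles
                tiers[dep] = tier + 1
                queue.append((dep, tier + 1))
    return tiers

def shared_dependencies(tier1, supplies):
    """Map each sub-supplier to the sorted Tier 1 vendors that rely on it."""
    users = {}
    for vendor in tier1:
        for dep in upstream(vendor, supplies):
            users.setdefault(dep, []).append(vendor)
    return {dep: sorted(v) for dep, v in users.items()}

def single_points_of_failure(tier1, supplies):
    """Sub-suppliers that every Tier 1 vendor depends on, directly or not."""
    shared = shared_dependencies(tier1, supplies)
    return sorted(d for d, v in shared.items() if len(v) == len(tier1))

def region_concentration(tier1, supplies, region):
    """Count distinct sub-suppliers per region across the whole network."""
    deps = shared_dependencies(tier1, supplies)
    return Counter(region.get(d, "unknown") for d in deps)

if __name__ == "__main__":
    print("Single points of failure:", single_points_of_failure(TIER1, SUPPLIES))
    print("Sub-suppliers per region:", dict(region_concentration(TIER1, SUPPLIES, REGION)))
```

In this constructed network no Tier 2 supplier is common to all three Tier 1 vendors, yet all three depend on the same Tier 3 supplier, which a map that stops at Tier 2 would not show.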

Use Technology to Unify Data and Track Deep Supply Chain Risks

Use a supply chain risk management solution that centralizes your data and uses AI to identify and monitor multi-tier risks, enabling real-time supply chain visibility across your extended supplier network.

After unifying the data, the system’s artificial intelligence capabilities can assist with: 

  • Mapping your entire supply chain 
  • Identifying hidden, multi-tier supplier risks
  • Monitoring many layers of supplier networks

Improving Tier 2 and Tier 3 Supply Chain Risk Visibility

If you don’t know your sub-suppliers and how they affect your operations, you may miss critical risks until they disrupt your production timelines. Establishing transparency with your Tier 1 suppliers and mapping your entire supply network increases multi-tier supply chain visibility.

Onspring improves visibility by providing a centralized governance, risk and compliance (GRC) platform to manage any type of risk, including threats in your cyber supply chains. Schedule a demo to see how Onspring helps you uncover hidden supplier risks and strengthen supply chain resilience. To improve how you handle supplier risks, download our Strengthening Your Supply Chain Risk Management Practices ebook.  
