✅ Model answer outline
A distinction-level answer treats cyber threats as a strategic driver, not an IT issue, and traces cause-and-effect through the procurement function. It should structure the response around identifiable drivers, explain how each reshapes future requirements, and weigh tensions such as cost versus resilience before applying a worked example.
📌 Key concepts
- Supply-network complexity — interconnected digital supply chains widen the attack surface and demand new visibility.
- Resilient supply chains — designing redundancy, segmentation and rapid recovery against cyber disruption.
- Vertical/horizontal alignment — embedding cyber requirements into corporate risk appetite and cross-functional processes.
- Kraljic lens — treating cyber-critical suppliers as strategic or bottleneck items warranting deeper due diligence.
📊 Worked example
After the 2020 SolarWinds compromise, many buyers re-mapped their software supply networks, moved cyber assurance into supplier selection, and built resilience through multi-sourcing of critical digital services — a concrete shift in future procurement requirements.
❌ Common weaknesses
Weak answers merely list cyber risks descriptively and never explain how those drivers change the strategic requirements of the procurement function itself.
📋 LO: 1.1 — Assess the drivers that are shaping the future requirements of the strategic procurement and supply function
📑 Indicative content: dealing with complexity via supply-network strategies; resilient supply chains and networks