Beyond Tier 1: Mapping Hidden Supplier Dependencies and the Limits of CBI Cover in India 2026

Most contingent business interruption cover names only direct tier-1 suppliers, yet the dependency that stops a production line often sits two or three tiers down in a single-source component the buyer has never heard of. This post sets out why CBI cover stops at tier 1, how to map hidden single-source dependencies deeper in the chain, the data problem, and how to structure supply-chain cover and mitigation around what mapping reveals.

Sarvada Editorial Team, Insurance Intelligence

Last reviewed: June 2026

Why most CBI cover stops at the direct supplier

Contingent business interruption (CBI) cover responds when a loss at a supplier's or customer's premises interrupts the insured's own business, even though the insured's own property is undamaged. It is the answer to a real exposure: a manufacturer whose own plant is running perfectly can still be brought to a halt when the supplier of a critical input suffers a fire, a flood or a machinery breakdown and cannot deliver. CBI bridges that gap between property damage at someone else's site and income loss at the insured's. The difficulty is in how the cover is scoped, because the way CBI is written in the Indian market, and globally, usually limits it to named direct suppliers, the tier-1 suppliers the insured contracts with directly.

The reason is underwriting tractability. An insurer can assess and price a CBI exposure when it knows which supplier locations it is on risk for: it can look at the named supplier's premises, its fire and flood exposure, its protections and its criticality to the insured, and set a sub-limit and an indemnity period accordingly. An insurer cannot price an open-ended exposure to an unknown and unbounded set of suppliers it has never seen, because the aggregation is unknowable and the exposure could be vast. So CBI cover is typically extended only to suppliers the insured names and the insurer accepts, each with its premises identifiable and its risk assessable, and that almost always means the direct, tier-1 suppliers the insured knows and contracts with.

The gap this leaves

The consequence is a structural gap. The dependency that actually stops a production line is frequently not at the tier-1 supplier the insured names, but two or three tiers deeper, at a tier-2 or tier-3 sub-supplier the insured has never dealt with and often does not know exists. The tier-1 supplier may itself depend on a single specialist sub-supplier for a critical sub-component (a particular grade of steel, a specialised electronic part, a chemical intermediate). If that deeper supplier fails, the tier-1 supplier cannot deliver and the insured is interrupted, but the loss originates at a premises that is not named on the policy and is not covered. The insured bought CBI believing its supply-chain interruption was covered, and discovers at claim that the cover named the wrong tier.

The hidden single-source dependency problem

The most dangerous supply-chain exposures are the hidden single-source dependencies, the points where the whole chain narrows to one supplier that the buyer cannot easily see because it sits below the buyer's direct relationships. Understanding why these form, and why they are invisible, is the starting point for mapping them.

A single-source dependency exists wherever a critical input can practically be obtained from only one supplier, whether because that supplier holds the specialised capability, the tooling, the certification, the intellectual property or simply the only economic capacity for that part. These dependencies form naturally as supply chains specialise and consolidate: a component that many manufacturers need is made by one or two specialist firms that achieved the scale and capability to dominate it, so the whole industry depends on them without any individual buyer choosing that concentration. The buyer sees a diversified set of tier-1 suppliers and feels diversified, while in fact several of those tier-1 suppliers all depend on the same tier-2 specialist, so the apparent diversification is an illusion that collapses when the shared sub-supplier fails.

Why these dependencies are invisible to the buyer

The buyer does not see these dependencies because its visibility usually stops at tier 1. The buyer contracts with its direct suppliers, knows their premises and their performance, and has little or no insight into where those suppliers source their own inputs. The tier-1 suppliers may regard their own supply chains as commercially confidential, may not themselves know their tier-2 dependencies in detail, and have no obligation to disclose them. So a concentration that sits two tiers down, where five of the buyer's tier-1 suppliers all rely on one tier-2 maker of a critical sub-component, is completely hidden from the buyer's risk view, even though it is precisely the concentration that could halt the buyer's production across multiple tier-1 relationships at once.

What the recent disruptions taught

The global disruptions of recent years made these hidden dependencies visible in the worst way. Semiconductor shortages halted automotive and electronics production worldwide because the chains all narrowed to a small number of fabs that buyers several tiers up had never engaged with directly. Specific specialty chemicals, rare-earth-dependent components and niche electronic parts each showed the same pattern: an interruption deep in the chain rippling up to halt production at firms that thought they were diversified. For Indian manufacturers in automotive, pharmaceuticals, electronics and engineering, the lesson is that the firms which had mapped their chains and knew their single-source points could respond, while those whose visibility stopped at tier 1 discovered their critical dependencies only when they failed. The pattern of concentration risk and its mitigation is explored further in supplier concentration risk mitigation.

How to map tier-2 and tier-3 supplier risk

Mapping the chain below tier 1 is hard, because the data is held by others and not freely shared, but it is doable with a structured approach that targets the critical inputs rather than attempting to map everything. The goal is not a complete map of every supplier at every tier (impractical and unnecessary) but identification of the single-source and concentration points that could cause a serious interruption.

The mapping proceeds by criticality, not by exhaustiveness.

  1. Identify the critical inputs. Start from the insured's own production and work out which inputs, if unavailable, would halt or seriously impair it. These are usually a small number of components or materials whose absence stops the line, and they are where the mapping effort should concentrate. Most inputs are substitutable or stockable and do not warrant deep mapping; the critical few do.
  2. Trace each critical input up the chain. For each critical input, work with the tier-1 supplier to understand where it sources the sub-components and materials that go into it, and where those in turn come from, until the single-source or concentration points are reached. This requires the tier-1 supplier's cooperation, which the buyer secures through the commercial relationship and, increasingly, through contractual transparency requirements.
  3. Find the shared dependencies. Across the buyer's several tier-1 suppliers, look for the points where different tier-1 suppliers converge on the same tier-2 or tier-3 source, because those convergence points are the hidden concentrations that defeat apparent diversification, and they are the most important output of the exercise.
  4. Assess each critical deeper supplier. For the single-source and concentration points found, assess the supplier's location and its catastrophe exposure, its financial health, its capacity and resilience, and the time it would take to replace it, so the buyer knows both the likelihood and the severity of an interruption from that point.
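
Steps 2 and 3 above, as an added example that is not part of the original article: a breadth-first trace from each tier-1 supplier of a critical input, flagging the deeper suppliers on which several tier-1 suppliers converge. All supplier and part names are constructed, and the model assumes every recorded sourcing link is a dependency with no qualified alternative.

```python
from collections import defaultdict, deque

# Constructed sample data: (customer, supplier, input supplied).
# Every company and part name here is hypothetical.
SOURCING = [
    ("Buyer", "T1-Alpha", "brake ECU"),
    ("Buyer", "T1-Beta", "brake ECU"),
    ("Buyer", "T1-Gamma", "wiring harness"),
    ("T1-Alpha", "T2-ChipCo", "microcontroller"),
    ("T1-Alpha", "T2-MouldIt", "housing"),
    ("T1-Beta", "T2-ChipCo", "microcontroller"),
    ("T1-Beta", "T2-CastWorks", "housing"),
    ("T1-Gamma", "T2-CopperCo", "copper wire"),
    ("T2-ChipCo", "T3-WaferFab", "silicon wafer"),
]
CRITICAL_INPUTS = {"brake ECU"}  # step 1: inputs whose absence stops the line


def build_graph(edges):
    graph = defaultdict(list)
    for customer, supplier, item in edges:
        graph[customer].append((supplier, item))
    return graph


def upstream_tiers(graph, tier1):
    """Step 2: return {supplier: tier} for everything tier1 depends on."""
    tiers = {tier1: 1}
    queue = deque([tier1])
    while queue:
        node = queue.popleft()
        for supplier, _item in graph.get(node, []):
            if supplier not in tiers:  # visited check also guards against cycles
                tiers[supplier] = tiers[node] + 1
                queue.append(supplier)
    del tiers[tier1]
    return tiers


def map_critical_dependencies(edges, buyer, critical_inputs):
    """Step 3: for each critical input, list deeper suppliers and who relies on them."""
    graph = build_graph(edges)
    findings = []
    for item in sorted(critical_inputs):
        tier1s = sorted({s for s, i in graph.get(buyer, []) if i == item})
        reached_by, tier_of = defaultdict(set), {}
        for t1 in tier1s:
            for supplier, tier in upstream_tiers(graph, t1).items():
                reached_by[supplier].add(t1)
                tier_of[supplier] = min(tier, tier_of.get(supplier, tier))
        for supplier, dependants in sorted(reached_by.items()):
            findings.append({
                "input": item,
                "supplier": supplier,
                "tier": tier_of[supplier],
                "tier1_dependants": sorted(dependants),
                # shared: more than one tier-1 converges on this supplier
                "shared": len(dependants) > 1,
                # every tier-1 source of the input depends on this supplier
                "cuts_off_input": len(dependants) == len(tier1s),
            })
    return findings


def shared_points(findings):
    return [f["supplier"] for f in findings if f["shared"]]


if __name__ == "__main__":
    for f in map_critical_dependencies(SOURCING, "Buyer", CRITICAL_INPUTS):
        print(f)
```

The entries marked `cuts_off_input` are the ones to carry into step 4, since a loss there removes every tier-1 source of the critical input at once.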

The data problem

The central obstacle is data. The buyer does not own the information about its sub-tier suppliers; the tier-1 suppliers do, and they may be unwilling or unable to share it. Overcoming this takes a mix of commercial pressure, contractual transparency clauses that require suppliers to disclose their critical sub-suppliers, and the growing set of supply-chain mapping tools and data services that infer chain relationships from trade, shipping and corporate data. None of these is perfect, and the map will always be incomplete, but a map that captures the critical single-source points is far better than the tier-1-only view that most buyers start with. The mapping discipline and its link to risk financing is developed in supply-chain mapping and risk financing.

Where the dependencies hide in auto, pharma and electronics

The hidden single-source points are not random; they cluster in predictable places that vary by sector, and a buyer that knows where its industry's chains typically narrow can direct its mapping effort to the most likely concentration points rather than searching blind. Three of the Indian sectors most exposed to deep-chain dependency, automotive, pharmaceuticals and electronics, each have a characteristic pattern.

Automotive

Indian automotive and auto-component manufacturers run deep, multi-tier supply chains where the visible tier-1 suppliers (the large component makers the vehicle assembler contracts with) themselves depend on tier-2 and tier-3 makers of specialised sub-components, castings, forgings, electronics, specific grades of steel and aluminium, and increasingly the semiconductors and electronic control units that modern vehicles require. The semiconductor shortage of recent years exposed the pattern brutally: vehicle production across the industry halted because the chains all narrowed, several tiers up, to a small number of chip fabs that the assemblers had never engaged with directly. The lesson for an Indian auto manufacturer is that its critical dependencies often sit in the electronics and specialised-material tiers far below its tier-1 component suppliers, and that several of its tier-1 suppliers may share the same tier-2 or tier-3 chip or component source.

Pharmaceuticals

Indian pharmaceutical manufacturers, large as the industry is, carry a well-known deep dependency on active pharmaceutical ingredients (APIs) and key starting materials, a significant share of which is imported and concentrated in a small number of overseas sources. A formulator that buys its API from an Indian intermediary may find that the intermediary depends on a single overseas KSM (key starting material) supplier, so the formulator's apparent diversification at tier 1 masks a single-source dependency at tier 2 or tier 3. The concentration of API and KSM production is precisely the kind of hidden single-source point that mapping is meant to find, and it is one the pharma sector has been pushed to address through domestic-manufacturing initiatives, though the deep dependencies remain in many product chains.

Electronics and engineering

Electronics and engineering manufacturers depend on niche components (specialised electronic parts, particular grades of material, specialist tooling) that are made by a small number of global specialists, so the chain narrows at the component level in the same way. A buyer assembling a product from many components may find that one unremarkable component, sourced through a tier-1 supplier, traces back to a single tier-3 maker with no ready alternative, and that the component's absence stops the whole assembly. These low-value, high-criticality components are the classic hidden single-source points, important out of all proportion to their cost, and they are exactly what a criticality-first mapping is designed to surface. The sector-specific concentration patterns and their mitigation are developed in supply-chain insurance gaps for Indian manufacturers.

Monitoring supplier financial health and resilience

A map is a snapshot, and supply-chain risk changes continuously, so the mapping has to be paired with ongoing monitoring of the suppliers it identifies as critical. The two failure modes a buyer most needs to watch for are a supplier's financial distress, which can take a critical supplier out without any physical loss at all, and a supplier's physical and operational fragility, which determines how badly a fire, flood or breakdown would hit.

Financial-health monitoring

A critical supplier that goes insolvent interrupts the buyer just as surely as one that burns down, and a CBI policy written around property damage does not respond to a supplier's insolvency, which is a financial failure, not a physical loss. That makes supplier financial-health monitoring a distinct and necessary discipline. Monitoring the financial condition of critical single-source suppliers, through their published financials, credit assessments, payment behaviour and market signals, gives the buyer warning of distress before it becomes a default, and time to qualify an alternative, build inventory or intervene. For deeper-tier suppliers the buyer cannot monitor directly, the buyer can require its tier-1 suppliers to monitor and report on the financial health of the critical sub-suppliers they depend on. The supplier-financial-health dimension is an exposure that property-based CBI structurally does not cover, which makes monitoring and mitigation, rather than insurance, the primary defence against it.

Resilience and concentration assessment

Alongside financial health, the buyer monitors the physical and operational resilience of its critical suppliers: their location and its catastrophe exposure, the concentration of their production in a single site, their own business-continuity arrangements, their dependence on their own single sources, and their capacity to recover and to surge if needed. A critical supplier concentrated in a single flood-exposed site with no continuity plan is a far worse exposure than one with multiple sites and tested recovery arrangements, even if both look the same in a tier list. This resilience assessment feeds both the mitigation plan and the insurance structuring, because it tells the buyer which dependencies most need protecting and how a loss at each would unfold.

Structuring CBI cover and mitigation around the map

The point of mapping the chain and monitoring the critical suppliers is to make better decisions about what to insure, what to mitigate and what to accept, so the map feeds directly into both the insurance structuring and the operational risk-management plan. A buyer that has mapped its chain can structure cover that matches its real exposure rather than buying a tier-1-only CBI that misses the dependencies that matter.

Structuring the insurance

Once the critical single-source points are identified, the buyer can take them to the insurance market deliberately. Where a critical dependency sits at a tier-1 supplier, it can be named in the CBI extension with an appropriate sub-limit and indemnity period. Where a critical dependency sits deeper, the buyer can seek to have the relevant sub-supplier named (some insurers will extend CBI to a specified tier-2 supplier if the buyer can identify and present it), can negotiate the indemnity period to reflect the real time to recover from a loss at that point, and can consider whether a parametric or non-damage trigger fits a dependency that property-based CBI cannot reach. A parametric supply-chain cover that pays on a defined trigger event, rather than requiring property damage at a named premises, can respond to disruptions that indemnity CBI excludes, and its design for Indian supply chains is discussed in parametric supply-chain trigger design. The map is what makes any of this possible, because the insurer can only extend cover to dependencies the buyer can identify and present.

Mitigation for what cannot be insured

The map will reveal dependencies that cannot be insured economically or at all, particularly the supplier-insolvency exposure and the deepest single-source points where no insurer will extend cover. For these the answer is operational mitigation: qualifying a second source so the single-source point is no longer single, holding strategic inventory or safety stock of the critical input to bridge an interruption, negotiating priority-supply or capacity-reservation arrangements with critical suppliers, and building the supplier-development relationships that improve the resilience of the points the buyer most depends on. Mitigation and insurance are complements: insurance finances the interruptions the buyer cannot prevent, while mitigation reduces the interruptions and the dependencies in the first place, and the map tells the buyer where to apply each.

The decision the map enables

The whole exercise produces a register of critical dependencies, each tagged with its likelihood, its severity, whether it is insurable and at what cost, and what mitigation is available, and that register is the basis for a deliberate decision on each: insure it, mitigate it, or accept it with eyes open. That deliberate decision, dependency by dependency, is far better than the default position most buyers occupy, a tier-1-only CBI bought without a map, leaving the buyer insured for the suppliers it can see and exposed to the ones it cannot.

Structuring CBI and supply-chain cover well depends on understanding exactly what each insurer's wording covers: which trigger it requires, whether it reaches named sub-suppliers, how its indemnity period and sub-limits work, and where its exclusions leave the buyer exposed. Sarvada gives commercial insurance brokers and corporate risk teams structured, searchable access to insurer policy wordings, so the CBI and supply-chain cover built around a supplier map rests on a precise reading of what each market's wording actually responds to. Request Access to match your supply-chain mapping to the wordings that will cover the dependencies it reveals.

Frequently Asked Questions

Why does CBI cover usually only name tier-1 suppliers?
Because an insurer can only price a CBI exposure when it can identify and assess the supplier premises it is on risk for. With a named tier-1 supplier the insurer can look at that supplier's location, its fire and flood exposure, its protections and its criticality, and set a sub-limit and indemnity period accordingly. It cannot price an open-ended exposure to an unknown and unbounded set of deeper suppliers it has never seen, because the aggregation is unknowable and the potential exposure vast. So CBI is typically extended only to suppliers the insured names and the insurer accepts, which almost always means the direct tier-1 suppliers. The gap this leaves is that the dependency most likely to halt production often sits at a tier-2 or tier-3 sub-supplier that is not named, so the cover can miss the very interruption the buyer feared.
What is a hidden single-source dependency and why is it dangerous?
It is a point in the supply chain where a critical input can practically be obtained from only one supplier, and it is hidden because it usually sits below the buyer's direct tier-1 relationships, where the buyer has little visibility. These form as supply chains specialise and consolidate: a component many manufacturers need ends up made by one or two specialist firms. The danger is that a buyer can see a diversified set of tier-1 suppliers and feel safe, while several of those tier-1 suppliers all depend on the same tier-2 specialist. When that shared sub-supplier fails, the interruption ripples up through multiple tier-1 relationships at once, halting the buyer's production despite its apparent diversification, and a CBI policy scoped to named tier-1 premises does not respond because the loss originated below the named tier.
How can a buyer map supplier risk below tier 1 when it does not have the data?
By targeting criticality rather than attempting to map everything. Start from your own production and identify the small number of inputs that would halt the line if unavailable, then trace each of those critical inputs up the chain, working with the tier-1 supplier to learn where it sources the sub-components, until the single-source or concentration points are reached. Look across your several tier-1 suppliers for the points where they converge on the same deeper source, because those shared dependencies are the hidden concentrations. The data problem is real, since the tier-1 suppliers own the information and may not share it, so it takes commercial pressure, contractual transparency clauses requiring suppliers to disclose critical sub-suppliers, and supply-chain mapping data tools. The map will be incomplete, but one that captures the critical single-source points is far better than a tier-1-only view.
Does CBI cover a supplier going bankrupt?
Generally no. Property-based CBI responds to physical loss or damage, a fire, flood or machinery breakdown, at the named supplier's premises, not to that supplier simply going insolvent, which is a financial failure rather than a physical loss. This is a structural gap, because a critical supplier that goes bankrupt interrupts the buyer just as surely as one that burns down. The defence against supplier insolvency is therefore not the CBI policy but monitoring and mitigation: watching the financial health of critical single-source suppliers through their financials, credit assessments and payment behaviour to get warning of distress, and using dual-sourcing and strategic inventory to reduce the dependency. For deeper-tier suppliers you cannot monitor directly, require your tier-1 suppliers to monitor and report on the financial health of the critical sub-suppliers they depend on.
