Firms are exposed to a variety of low-probability, high-impact risks that can disrupt their operations and supply chains. These risks are difficult to predict and quantify; therefore, they are difficult to manage. As a result, managers may suboptimally deploy countermeasures, leaving their firms exposed to some risks while wasting resources to mitigate other risks that would not cause significant damage. In a three-year research engagement with Ford Motor Company, we addressed this practical need by developing a novel risk-exposure model that assesses the impact of a disruption originating anywhere in a firm's supply chain. Our approach defers the need for a company to estimate the probability associated with any specific disruption risk until after it has learned the effect such a disruption will have on its operations. As a result, the company can make more informed decisions about where to focus its limited risk-management resources. We demonstrate how Ford applied this model to identify previously unrecognized risk exposures, evaluate predisruption riskmitigation actions, and develop optimal postdisruption contingency plans, including circumstances in which the duration of the disruption is unknown.