New and transformative technologies are enabling businesses to innovate and grow in an increasingly digital world, bringing greater insight, productivity and business efficiencies. From cloud computing to big data, IoT and AI technologies, digital collaboration is essential as organisations rely on suppliers, partners and consultants to meet customer demands and embrace digital opportunities in increasingly competitive environments.
In 2020 the global pandemic exacerbated this as we all moved to working from home. Essential services such as retail, education and healthcare shifted to being provided online, from the physical to the digital, in most cases with third-party supplier support. Eight in ten organisations fast-tracked their digital transformation programmes in 2020*, with 89% saying the pandemic highlighted the need for a more agile and scalable IT environment.
With significant business change come increased cyber security risks.
As supply chains become more interconnected, the weak points in suppliers’ offerings become even more attractive to attackers who want to gain access to the ultimate target: the outsourcing organisation. In particular, small players in an organisation’s supply chain can introduce higher levels of cyber risk.
Supplier risk management and assurance is therefore an aspect of cyber resilience that organisations must focus on. Sounds obvious, yes? Yet many organisations find this area particularly challenging.
Government research shows that businesses of all sizes are not adequately protecting themselves against cyber attacks, especially those originating in their supply chains. The Cyber Security Breaches Survey 2021** found that only 12% of businesses review risks coming from immediate suppliers while only one in twenty address risks coming from wider supply chains.
The research further highlighted that the 5 main barriers to effective management of supplier cyber security risks are:
- Low recognition of supplier cyber security risk: Organisations are often unclear about how their suppliers’ cyber security arrangements are linked to their own cyber security, with many not considering or prioritising cyber risk in the procurement process.
- Limited visibility into supply chains: Poor visibility of information can be an obstacle for organisations, especially with complex and multi-tiered supply chains.
- Insufficient expertise to evaluate supplier cyber security risk: Often those managing suppliers do not know what cyber security questions to ask their suppliers or how to identify if a supplier has effective cyber security in place.
- Insufficient tools to evaluate supplier cyber security risk: With many standards available to assess supplier risk, confusion is only natural, and organisations may not know where to start or what framework to use.
- Limitations to taking action due to structural imbalances: Organisations may feel they lack sufficient leverage with larger or specialist suppliers and therefore cannot request or insist on certain cyber security standards, and there may be a lack of alternatives if such suppliers refuse to meet their requirements.
Despite these challenges, organisations must think outside of the ‘company box’ and take a holistic view of cyber risks across both their business and supply chains. Only by expanding their cyber security awareness (with the help of cyber security experts if required), extending their cyber security perimeter to include all suppliers, and selecting suppliers with a sincere and open cyber culture can these challenges start to be addressed.
Supply chain cyber security is highly complex and is the most critical risk that businesses face today. It’s vital that you have a clear picture of your cyber security capabilities and that you analyse your weak spots, enabling you to concentrate effort, resources and budget to be more cyber resilient. Here at Infosec Partners we’ve worked with many organisations to mitigate third-party risk.
Our Cyber Risk Scorecard is an effective way to obtain real-time assessments of cyber security risks and highlight areas that require further assessment and verification.
Please get in touch if you are concerned about the cyber security risks within your supply chain.
*According to Dell’s Digital Transformation Index 2020
**By Gov.uk