Enterprise IT leaders demanding more stringent cyber security from suppliers

Inaugural CybSafe Supplier Cyber Security Study reveals SMEs must increasingly prove cyber credentials to win contracts.

Tuesday, 1st August 2017, by Phil Alsop

CybSafe, the behavioural-science-based cyber security e-learning platform, has revealed that enterprise-level organisations are increasingly assessing cyber security during supplier contract negotiations. The GCHQ-accredited software platform, based in renowned Canary Wharf connected community Level39, conducted a survey of SME decision-makers to assess how their enterprise customers approach cyber security during the tender and RFP process. The study revealed that 1 in 3 SMEs selling to enterprise were required to have cyber security precautions as part of the RFP process to win new contracts in the last year, and 50 percent had cyber security conditions included in new contracts with enterprise customers.
 
In addition, 44 percent of respondents had been required to have a recognised cyber security standard, such as ISO 27001, by their enterprise customers, 28 percent in the last year alone, demonstrating a clear trend in enterprise approach to supplier information security. The threat of Information Commissioner’s Office (ICO) sanctions, looming GDPR and reputational damage from a data breach mean enterprise organisations are increasingly looking at the security of their entire IT estate, including third party suppliers. 
 
Worryingly for business and IT leaders, the inaugural CybSafe Supplier Cyber Security Study also revealed that 1 in 7 SMEs selling to enterprise had no cyber security protocols in place at all. This further highlights cyber security vulnerabilities in the supply chain as cyber criminals increasingly target suppliers due to the perceived lack of stringent information security protocols in SMEs.
 
Oz Alashe, CEO and founder, CybSafe, said: “The CybSafe Supplier Cyber Security study shows the extent to which enterprise focus on securing the supply chain has increased in recent years, in light of increased sanctions for data loss and high-profile data breaches. This represents a unique opportunity for enterprise to effect cyber security change on a much greater scale. By insisting on a greater focus on cyber security from their SME suppliers, these businesses can play an influential role in reducing overall cyber risk and increasing mass awareness of cyber security throughout the business community, from supplier to enterprise. This can only be a positive impact on the progression of cyber risk awareness in society as a whole. The more enterprise sees cyber security as a value-add, the more SMEs will change online practices to become that trusted vendor.”
 
The annual CybSafe Supplier Cyber Security Study aims to track trends in enterprise approach to cyber security among suppliers, providing a definitive check-up on the state of supply chain information security. Other findings from the study include:

  • Over 2 in 5 (43 percent) of organisations have cyber insurance to protect against data breaches
  • Less than half of organisations surveyed had begun taking data protection steps ahead of GDPR implementation
  • More than 2 in 5 respondents would inform all customers immediately following a data breach
  • 54 percent of the SME decision makers surveyed had been asked about employee cyber security training by enterprise customers
 
Oz Alashe added: “High-profile data breaches such as Target, where hackers gained access to the retailer through its air conditioning supplier, have brought supply chain cyber security to the forefront and this has clearly struck a chord with enterprise leaders. Organisations are realising that it’s no longer enough to ensure their own network is secure, but they must now also pay closer attention to securing the supply chain. This is a trend we will see increase in the coming years. No business is an island, and so large organisations will only work with trusted vendors in the future. The SMEs that adapt their information security practices to the new landscape and demonstrate their cyber credentials will be the most successful in the future.”