Managing cyber risk across the supply chain

New research indicates that over a third of UK organisations have no way of knowing if a cyber risk emerges in their supply chain.

The findings of a global study into third-party cyber risk management published by BlueVoyant reveal that 82% of large organisations in the UK had experienced a cyber-security breach that originated from vulnerabilities in their supply chain in the past 12 months. The average organisation had been breached in this way 2.6 times.

Organisations are experiencing problems with cyber risk management because they need to mitigate risk across a network that typically encompasses over 1000 suppliers. This is a particular problem in the UK where 34% of organisations say they have no way of knowing if cyber risk emerges in a third-party vendor: this was the highest out of all five countries surveyed in the research.

Just over one fifth (22%) monitor their entire supply chain, which means that 78% do not have full visibility of cyber risks in their supply chain. Of those that do monitor their suppliers, 40% re-assess vendors’ cyber risk position only every six months, or even less frequently.

On a more positive note, 87% of UK organisations say that budget for third-party cyber risk management is increasing, by an average figure of 45%. This is supported by an average headcount in internal and external cyber risk management teams of 11.7 people.

“82% of UK organisations have reported a cybersecurity breach caused by their supply chain in the past 12 months, which should be sounding alarm bells,” commented Robert Hannigan, Chairman of BlueVoyant International. He points out that, because vendor risk is reassessed so infrequently, organisations are in effect “flying blind to risks that could emerge at any moment in the prevailing cyber threat environment.”

The problem is that many vendors seem reluctant to engage with their customers over this issue. Organisations cited problems such as unresponsive third-party suppliers and difficulty enforcing SLAs.

It seems clear that the management of cyber security risks is something that should concern both suppliers and their customers. It must be a partnership. Many organisations are waking up to this and suppliers that ignore the issue are likely to find themselves taken off procurement lists.

The UK BlueVoyant report Global Insights: Supply Chain Cyber Risk – Managing Cyber Risk Across the Extended Vendor Ecosystem (registration required) involves a study conducted by independent research organisation Opinion Matters and records the views and experiences of 1505 CIOs, CISOs and Chief Procurement Officers in organisations with more than 1000 employees across a range of sectors. It covers five countries: USA, UK, Mexico, Switzerland and Singapore.

Copyright Lyonsdown Limited 2021
