Enterprise-size organisations are increasingly assessing the cyber-security of their suppliers during contract negotiations, according to survey by cyber-security e-learning platform CybSafe.
In its inaugural CybSafe Supplier Cyber Security Study, the firm looked to SME decision-makers to assess how their enterprise customers approach cyber-security during the tender and RFP process.
The survey finds that one in three SMEs selling to enterprises were required to have taken significant cyber-security precautions to win new contracts in the last year.
Fifty percent had cyber-security conditions stipulated in new contracts with enterprise customers. In addition, 44 percent of respondents had been required to acquire a recognised cyber-security standard, such as ISO 27001, by their enterprise customers, with 28 percent of those happening in the last year alone, demonstrating a clear trend in enterprise approach to supplier information security.
The threat of sanctions coming from the Information Commissioner's Office (ICO) with the incoming GDPR and reputational damage from a data breach, means enterprises are increasingly looking at the security of their entire IT estate, including third party suppliers.
The measures taken by enterprises would appear apt: the survey revealed that one in seven SMEs selling to enterprise had NO cyber-security protocols in place at all.
This further highlights cyber-security vulnerabilities in the supply chain as cyber-criminals increasingly target suppliers due to the perceived - and actual - lack of stringent information security protocols in SMEs.
Oz Alashe, chief executive and founder of CybSafe said; “High profile data breaches such as Target, where hackers gained access to the retailer through its air conditioning supplier, have brought supply chain cyber-security to the forefront and this has clearly struck a chord with enterprise leaders. Organisations are realising that it's no longer enough to ensure their own network is secure, but they must now also pay closer attention to securing the supply chain.”
The annual CybSafe Supplier Cyber Security Study aims to track trends in enterprise approach to cyber security among suppliers, providing a definitive check- up on the state of supply chain information security. Other findings from the study include:
- More than two in five (43 percent) of organisations have cyber-insurance to protect against data breaches.
- Less than half of organisations surveyed had begun taking data protection steps ahead of GDPR implementation.
- More than two in five respondents would inform all customers immediately following a data breach.
- 54 percent of the SMEs decision makers surveyed had been asked about employee cyber-security training by enterprise customers.
Alashe added: “This is a trend we will see increase in the coming years. No business is an island, and so large organisations will only work with trusted vendors in the future. The SMEs that adapt their information security practices to the new landscape and demonstrate their cyber-credentials will be the most successful in the future.”