A THIRD OF UK FIRMS
with digital supply chains are vulnerable to cyberattacks, with many lacking even basic protective measures compared with 41% of respondents from elsewhere. He says this pattern might be linked to budgets. “UK organisations are less likely than those in other regions to be getting cybersecurity budget increases”.
But he warns that the “intensive threat landscape” should be enough to prompt businesses to reconsider budgets.
“They need to consider whether the price is worth paying, to avoid the currently almost certain risk of suffering a breach via the supply chain.”
McDonnell says when it comes to managing alerts arising from vendor monitoring, companies “should look towards advanced AI-powered options” because “these can lift the burden of analysis and prioritisation”. He adds that “it’s important there is the facility for human review of key decisions and processes”. “The investment needed to establish effective third-party cyber risk management is not as high as you might think,” he says, adding that “implementing a robust solution delivers a host of strategic data that can be incorporated into corporate risk management and decision-making processes”.
He continues: “Businesses should look for solutions capable of scaling, to cover all suppliers. They should also aim for continuous monitoring so that attackers’ window of opportunity is limited as far as possible, and risk is reduced accordingly.”
This, he says, allows businesses to proactively manage their supply chains and to deliver greater resilience at a time when it is badly needed.
“And of course, compared to the cost of a breach, the investment is a price well worth paying,” he stresses.
Ways to bolster supply chain cybersecurity
Here is some advice around protecting supply chains from Andrew Wood, Engagement Director at Elixirr, the global consulting firm. Wood has a long background in IT procurement.
Prevention
Prevention is always better than cure. Enlisting a focused cybersecurity service provider that can undertake a robust cyber maturity assessment helps.
Budget Assessment
More companies are upping the ante on cybersecurity spending in technology supply contracts, due to the costs that can result from a breach. There must be healthy conversations between CISOs and CFOs about budgets if preventative measures are to be properly supported.
Compliance
Companies must ensure their technology supply agreements include appropriate security compliance provisions that delineate the cybersecurity requirements with which their technology partners need to comply.
Collaboration
One of the best things is a robust sourcing strategy that embeds diligence around supplier screening as part of the onboarding process. Contractual provisions must also be part of agreements, so that ongoing monitoring of supply chain risk takes place.
Partnerships
The cybersecurity supplier and solution landscape is crowded, and companies must select partners who reduce the risk of cyberattack on their unique technology footprint.
Managing Risk
Businesses need to know where they are on the risk spectrum. It’s important to understand the varying requirements around robust cybersecurity risk management and governance.
Stay Current
The pace of change in technology is unrelenting. Technology-sourcing professionals need to stay up-to-date on their tech knowledge if they are to properly advise CIOs and CFOs on the best cybersecurity investments.