CybSafe, London, 10th July: CybSafe today announced the results of its latest Secure the Supply Chain survey, which found that increasing cyber security requirements are being placed on businesses supplying enterprise customers.
CybSafe – the intelligent cyber security awareness, behaviour and culture solution that demonstrably reduces human cyber risk – ran a survey of 250 IT decision makers at small and medium-sized suppliers to enterprise and found that 60% of businesses had to report on their cyber security measures as part of the contract or RFP process. This is up from 52% in 2017.
In addition, 63% of businesses are being asked to fill out cyber security questionnaires and two-thirds (66%) have been asked about their cyber security training. Just over a third (37%) of organisations have been required by their enterprise customers to achieve a recognised cyber security standard before securing contracts. This is up from CybSafe’s 2017 study, in which only 28% were obliged to prove compliance with such standards.
Oz Alashe, CEO and founder of CybSafe, said: “The cyber security bar for suppliers is being raised every year. While lax cyber security precautions may have gone relatively unnoticed a few years ago, suppliers are now losing out on lucrative deals specifically because of security concerns. With enterprise customers more conscious than ever of the authorities, GDPR, and reputational damage, suppliers will need to alter their practices accordingly in order to stand a chance of becoming a trusted supplier.”
Caution from enterprise customers seems to be justified. Currently, only half – 47% – of businesses are using cyber security training to ensure staff have the skills to avoid cyber attacks, and 55% of companies selling to enterprise admitted they had suffered a data breach within the last five years. Almost a third (29.6%) of those surveyed had lost a contract with a customer due to cyber security or fraud in the last 12 months.
Alashe commented: “No company is an island, and the necessity of working with third-party suppliers can open up critical vulnerabilities in an organisation’s line of defence. It is no longer enough for businesses to ensure that their own network is secure, as any supplier, or supplier of a supplier, poses a risk to the entire operation.”