CybSafe, the behavioural science based cyber security e-learning platform, today reveals that enterprise level organisations are increasingly assessing protection during supplier contract negotiations. The GCHQ-accredited software platform, based in renowned Canary Wharf connected community Level39, conducted a survey of SME decision-makers to assess how their enterprise customers approach cyber security during the tender and RFP process.
The study reveals that one in three SMEs selling to enterprise required security precautions as part of the RFP process to win new contracts in the last year and 50 per cent had cyber conditions included in new contracts with enterprise customers.
In addition, 44 per cent of respondents had been required to have a recognised cyber protection standard, such as ISO 27001, by their enterprise customers, 28 per cent in the last year alone, demonstrating a clear trend in enterprise approach to supplier information protection.
The threat of Information Commissioner’s Office (ICO) sanctions, looming GDPR and reputational damage from a data breach mean enterprise organisations are increasingly looking at the security of their entire IT estate, including third party suppliers.
Worryingly for business and IT leaders, the inaugural CybSafe Supplier Cyber Security Study also reveals that one in seven SMEs selling to enterprise had no protocols in place at all. This further highlights vulnerabilities in the supply chain as cyber criminals increasingly target suppliers due to the perceived lack of stringent information protocols in SMEs.
Oz Alashe, CEO and founder, CybSafe says, ‘The CybSafe Supplier Cyber Security study shows the extent to which enterprise focus on securing the supply chain has increased in recent years, in light of increased sanctions for data loss and high-profile data breaches. This represents a unique opportunity for enterprise to affect cyber security change on a much greater scale.
‘By insisting on a greater focus on cyber security from their SME suppliers, these businesses can play an influential role in reducing overall cyber risk and increasing mass awareness of cyber security throughout the business community, from supplier to enterprise. This can only be a positive impact on the progression of cyber risk awareness in society as a whole. The more enterprise sees cyber security as a value-add, the more SMEs will change online practices to become that trusted vendor.’
The annual CybSafe Supplier Cyber Security Study aims to track trends in enterprise approach to cyber security among suppliers, providing a definitive check- up on the state of supply chain information security. Other findings from the study include:
- More than two in five (43 percent) of organisations have cyber insurance to protect against data breaches
- Less than half of organisations surveyed had begun taking data protection steps ahead of GDPR implementation
- More than two in five respondents would inform all customers immediately following a data breach
- 54 percent of the SMEs decision makers surveyed had been asked about employee training by enterprise customers
Alashe, adds, ‘High profile data breaches such as Target, where hackers gained access to the retailer through its air conditioning supplier, have brought supply chain cyber security to the forefront and this has clearly struck a chord with enterprise leaders. Organisations are realising that it’s no longer enough to ensure their own network is secure, but they must now also pay closer attention to securing the supply chain.
‘This is a trend we will see increase in the coming years. No business is an island, and so large organisations will only work with trusted vendors in the future. The SMEs that adapt their information security practices to the new landscape and demonstrate their cyber credentials will be the most successful in the future.
‘Using intelligent software and proprietary analytics, CybSafe’s cloud-based platform learns an individual’s knowledge level and their behaviour patterns to deliver a personalised e-learning programme. Delivered through a mobile app or online the platform will save businesses money, not just by reducing their risk of becoming victim to a security breach, but also by delivering meaningful training that constantly evolves based on current threats and potential reductions in cyber insurance premiums.’