No business is immune from a cyber-attack, which means there is no room for weakness in the supply chain. In fact, any weak link could have devastating consequences. If a supplier's or distributor's systems are compromised and this subsequently results in a breach for its client, that client faces the cost of recovery (including enhanced security, PR management and brand damage). For the partner, the trusted relationship is damaged, perhaps irreparably, which could mean losing out to the competition in the future.
Collaboration between businesses and their suppliers is increasingly important to understand how data is shared and processed. It is essential to have a clear process for sharing data with all third parties, visibility of what is shared, and robust controls to ensure adequate precautions are taken to safeguard it.
A robust supply chain is therefore critical for businesses regardless of where they fit in the chain. Many procurement leaders are now collaborating with partners and working with third parties to implement audits or assessments of partners to make sure they meet their defined security criteria. If each partner can demonstrate adherence in this regard, it not only shows best practice but may also drive competitive advantage against others that have not placed the same rigour around security and risk management.
Ensuring the right things are in place to manage security and risk can be a daunting task, which is why more businesses and procurement leaders are working with a trusted third party to help them identify vulnerabilities, define a plan of action and implement the relevant controls.
“Companies in almost every industry are more reliant than ever upon their vendors, and particularly those in their supply chain. The demand for constant online communication creates enormous opportunities for hackers to exploit weak vendor security practices as a point of entry into their ultimate target,” said Steve Bridges, senior vice president at JLT Specialty, an insurance broker specializing in cyber insurance.