Enterprise IT leaders demand more stringent cyber security from suppliers

CybSafe, the behavioural-science-based cyber security e-learning platform, today revealed that enterprise-level organisations are increasingly assessing cyber security during supplier contract negotiations.

The GCHQ-accredited software platform, based in renowned Canary Wharf connected community Level39, conducted a survey of SME decision-makers to assess how their enterprise customers approach cyber security during the tender and RFP process.

The study revealed that 1 in 3 SMEs selling to enterprise required cyber security precautions as part of the RFP process to win new contracts in the last year and 50 percent had cyber security conditions included in new contracts with enterprise customers.

In addition, 44% of respondents had been required to have a recognised cyber security standard, such as ISO 27001, by their enterprise customers, 28 percent in the last year alone, demonstrating a clear trend in enterprise approach to supplier information security.

The threat of Information Commissioner’s Office (ICO) sanctions, looming GDPR and reputational damage from a data breach mean enterprise organisations are increasingly looking at the security of their entire IT estate, including third party suppliers.

Worryingly for business and IT leaders, the inaugural CybSafe Supplier Cyber Security Study also revealed that 1 in 7 SMEs selling to enterprise had no cyber security protocols in place at all. This further highlights cyber security vulnerabilities in the supply chain as cyber criminals increasingly target suppliers due to the perceived lack of stringent information security protocols in SMEs.

Oz Alashe, CEO and founder, CybSafe, said: “The CybSafe Supplier Cyber Security study shows the extent to which enterprise focus on securing the supply chain has increased in recent years, in light of increased sanctions for data loss and high-profile data breaches. This represents a unique opportunity for enterprise to effect cyber security change on a much greater scale. By insisting on a greater focus on cyber security from their SME suppliers, these businesses can play an influential role in reducing overall cyber risk and increasing mass awareness of cyber security throughout the business community, from supplier to enterprise. This can only be a positive impact on the progression of cyber risk awareness in society as a whole. The more enterprise sees cyber security as a value-add, the more SMEs will change online practices to become that trusted vendor.”

The study aimed to track trends in enterprise approach to cyber security among suppliers, providing a definitive check-up on the state of supply chain information security. Other findings from the study include:

● Over 2 in 5 (43%) of organisations have cyber insurance to protect against data breaches.
● Less than half of organisations surveyed had begun taking data protection steps ahead of GDPR implementation.
● More than 2 in 5 respondents would inform all customers immediately following a data breach.
● 54% of the SME decision-makers surveyed had been asked about employee cyber security training by enterprise customers.

Alashe added that “high profile data breaches such as Target, where hackers gained access to the retailer through its air conditioning supplier, have brought supply chain cyber security to the forefront and this has clearly struck a chord with enterprise leaders. Organisations are realising that it’s no longer enough to ensure their own network is secure, but they must now also pay closer attention to securing the supply chain. This is a trend we will see increase in the coming years. No business is an island, and so large organisations will only work with trusted vendors in the future. The SMEs that adapt their information security practices to the new landscape and demonstrate their cyber credentials will be the most successful in the future.”

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...