Our world has become interconnected, and so have businesses and suppliers across the globe.
When you increase the number of parties in your supply chain, you also increase the potential attack surface of your business. Even if your own cyber defence is sophisticated, your suppliers might not adhere to the same standards. The surveyed consumer businesses predominantly feel confident about their supply chains’ cyber resiliency. However, there are also red flags.
What does the survey show?
According to the survey, 78% believe that their company is resilient against cyber-attacks to a high degree when it comes to handling customer data. 63% indicate the same level of cyber resiliency when it comes to using cloud services. Assessing their cyber resiliency in relation to suppliers, new technology and customer services, more than half of the respondents believe that they are cyber resilient only to some degree or to a lesser degree.
One of the things that stand out here is the alleged cyber resiliency when it comes to handling and protecting customer data. As previously mentioned, the EU’s GDPR, combined with an increased focus on compliance with privacy regulations, has been a decisive factor in driving this development, especially for consumer businesses. It is promising to see that the increased focus and awareness have also led to increased confidence in handling and protecting customer data.
Another, more alarming conclusion is that more than half of the respondents feel they are only to some degree, a lesser degree or not at all resilient in areas of the supply chain that involve business partners, suppliers and new technology. This causes concern, as we are currently experiencing an increase in attacks targeting the supply chain.
When cyber-attackers target the supply chain, the large corporations remain the end goal. By using smaller suppliers as entry points and exploiting the weaknesses in their defences, however, attackers find it easier to gain access to those large companies. The data from the survey is supported by the findings of the qualitative interviews, underlining the fact that suppliers and new technology seem to be a weakness in terms of the respondents’ cyber resiliency.
As mentioned in the section about the surging cyber threat, 70% of the respondents state that they have not suffered a major cyber-attack during the last year. Yet, almost half of the respondents believe that they are resilient against cyber threats throughout the supply chain to a high degree. It is unclear what this assessment is based on, but it could indicate that some of the surveyed consumer businesses are operating under a false sense of confidence when it comes to their own cyber defence.
The broader picture
Tame the supply chain monster
As the border between the physical and digital world has vanished, we have seen an increasing transition from traditional supply chains to digital supply networks, which transforms linear supply chains into interconnected ecosystems.
This makes it increasingly challenging to manage risks across the supply chain. For large corporations, there may be several thousands of different third, fourth and fifth parties to consider. With more connected components communicating and storing data, the risk increases, and the attack surface expands.
To mitigate this risk, it is crucial for organisations to define security requirements and to have a cyber-risk management programme for evaluating third-party (and even fourth-party) services, so that attacks against the supply chain are less likely to succeed.