A third (31%) of UK firms would dump suppliers if their negligence caused a major cyber-incident, according to a new study from Beaming.
The business ISP interviewed over 500 company bosses to find out more about their attitudes to cybersecurity, and revealed a refreshingly no-nonsense attitude when it comes to managing supply chains.
Aside from those who would terminate the partner company’s contract, 20% said they’d use the incident to negotiate a discount, 15% would issue a warning and 17% would take legal action to recover any financial losses. Only 3% would take no action.
Supply chain security is increasingly important as hackers look to attack what they believe to be the weaker links in the security chain in order to infiltrate higher value targets.
Both the GDPR and NIS Directive aim to increase accountability and transparency when it comes to securing the often complex web of inter-dependencies that form modern supply chains — with major fines for those seen to be negligent.
Over a third (35%) of company bosses Beaming spoke to said they wouldn’t work with a supplier they thought would make them more vulnerable, while 27% claimed they’d actively avoid a company publicly associated with a major breach. That highlights the importance of good cybersecurity as a foundation for business growth.
Quite rightly, a quarter of respondents said they wouldn’t work with firms without a documented security policy in place and 19% would avoid those without cyber insurance. Although these numbers are encouraging, ideally, no business that processes personal data should work with a supplier that doesn’t have a clear security policy in place, and that hasn't been audited as GDPR compliant.
Beaming managing director, Sonia Blizzard, claimed business leaders see cybersecurity as a shared responsibility.
“Businesses that neglect to take the steps necessary to protect themselves and their partners could find that a single breach could irreparably damage their hard-earned reputations and relationships,” she added.
“For businesses, the consideration of risk must extend beyond their own boundaries to incorporate customers, partners and other organizations they come into contact with. Rather than simply guarding what’s ours, we need a cybersecurity culture that means we all look out for those we do business with too. Just like herd immunity, if enough businesses are well secured, the ability for denial-of-service attacks, viruses and other attacks to spread will be greatly diminished.”