Three ways to reduce supply chain cyber risk

In a perfect storm of inflation, war, and recovery from a global pandemic, organisations are facing unprecedented pressure on their supply chains. Amid the crisis, supply chain cyber risks cannot be ignored.

According to the Ponemon Institute, 60% of data breaches are caused by a company's suppliers and other third parties*; 58% of breaches target client data**. The conclusion? Never trust a company with your data without assessing their security first.

As a global organisation, we speak to hundreds of companies who use service providers to remain efficient and competitive.

Cyber risk should be treated like anti-money laundering (AML) and Know Your Customer (KYC) checks – you would never expose your company to terrorist financing or sanctioned individuals, so why would you open yourself up to companies with inadequate security?

Here are three ways every company can monitor their providers

1. Due diligence
   IT security questionnaires are essential for understanding your providers’ controls, procedures, certification and history.
2. Threat intelligence
   Many companies are now using threat intelligence to enhance their oversight with continuous monitoring of suppliers’ vulnerabilities, breaches, and other issues that could provide entry points to malicious actors.
3. Escalation
   Sometimes monitoring is not enough. Where you encounter a high-risk organisation, you should act quickly to find out more, share intelligence and require them to build security. Where suppliers do not engage, you may need to terminate the relationship and avoid a potentially catastrophic security breach.

Thomas Murray’s risk platform includes due diligence and threat intelligence tools, so you can efficiently monitor your providers and build a secure network.