Third of businesses would ditch suppliers who neglect cybersecurity

A new survey published by Beaming shows that a third of businesses would cancel contracts with suppliers who don’t take cybersecurity seriously.

The data showed that 31% of the businesses surveyed would cancel their contracts or seek an alternative supplier if their business was impacted by the negligence of a third party.

The report also showed that 17% of those questioned would take legal action in order to recover losses caused as a result of a supplier’s negligence.

Interestingly, the data also shows that there is still a way to go in raising awareness of the risk that weak suppliers pose to a business: just 35% of those surveyed said they would refuse to work with a vulnerable supplier.
What are the Risks?

Cyber attacks via a supply chain can occur in a variety of ways, such as:

  • Malware can be introduced into a supply chain through a number of different attack vectors (phishing emails, for example), usually by exploiting the weakest point in a system or in a security practice.
  • A supplier with poor cybersecurity can have its credentials stolen and exploited by an attacker, including any credentials it uses to access its customers' systems.
  • Smaller companies tend to have smaller security budgets, which makes them easier targets and means they are used as a stepping-stone by threat actors to infiltrate their main target.

The Beaming report also showed that SMEs are the most likely to be the weak link, due to smaller budgets and a lack of technical expertise: 50% had no cybersecurity policy in place and two-thirds had no cyber insurance.

With cybercrime-as-a-service booming, anyone from a curious teenager to a criminal organisation can purchase the tools needed to breach a business. As with most criminals, they seek easy prey and will pass over anything that proves too much of a challenge.

Need to check the cybersecurity of a potential supplier?

Due diligence is a vital part of ensuring the security of your business. When seeking out or working with suppliers, you should always ensure that they are taking cybersecurity seriously.

In recent years poor due diligence has contributed to some of the biggest data breaches (e.g. TalkTalk). Just because a supplier says it is secure doesn't mean it is. It always pays to check for yourself.

CyberScore™ is a fully automated cybersecurity testing service that assesses the strength of an organisation's network and defences.

Prove that you are taking Cyber Seriously

Alternatively, if you're a business that needs to demonstrate to a partner that you are acting to remediate risk, CyberScore™ can help with that too. With regular scans, you can stay informed of the vulnerabilities you face and receive expert advice on how to remediate them. Your CyberScore™ timeline and your current CyberScore™ allow you to demonstrate that you are improving your security on an ongoing basis.

The timeline shows the result of this commitment. Being able to demonstrate that you regularly scan for weaknesses and monitor the continuous improvement of your security measures is a powerful statement to make if the worst were to happen. Reports and get-well plans based on empirical data help your organisation build a paper trail of any issues found and fixed, providing evidence that you have done all you can to prevent a breach.

XQ Cyber also offers a range of incident response and consultancy services, such as penetration testing, cyber posture assessments, and incident response preparedness and testing.