Research from Beaming has shown that 31% of UK businesses would cancel contracts with their suppliers if they believed that those suppliers were affected by a cyber attack. The security of one network depends on the security of the networks around it, and 25% of respondents to the survey said that they would not offer contracts to companies without documented cybersecurity policies in place.
Businesses need to understand that they could be targeted as a way of gaining access to a separate business that is connected to them. Cybersecurity is, it turns out, seen as a shared, collective responsibility for everybody in a chain.
This is because a chain is only as strong as its weakest link. Applying this principle to IT security means that not only do you have to secure all the links in your internal chain, but you also have to ensure that your suppliers are equally diligent.
In principle, we should all be able to trust our business-to-business partners to take appropriate security precautions and to appreciate that robust data security is no longer optional. In practice, however, a long run of avoidable security breaches is hard evidence that this is not the case in the real world.
It’s not just small companies that have been caught out, either; some of these data breaches became major scandals precisely because they involved major organisations, including branches of government, of a size and financial standing that left really no excuses.
One solution is to be open about your own security processes and to ask your partners and potential partners about theirs.
Customers expect and, indeed, demand, responsibility and accountability from the people and organisations with which they do business. Telling your customers that you were let down by a supplier is not, generally, likely to elicit a lot of sympathy, unless you can clearly demonstrate that you took all possible steps to ensure the soundness of that supplier and that the issue was caused entirely by circumstances outside your supplier’s control.
Customers are not likely to be at all impressed when their data is compromised because a company simply failed to implement an adequate level of security, nor are they going to take kindly to learning that the company to which they originally entrusted their data handed it over to a third party without taking steps to check that the supplier would handle it responsibly.
It is also worth noting that even if you never hand any of your data over to suppliers, you may still be at risk from their poor security if an attack on their system results in downtime for yours.
End customers can vote with their feet and their wallets, which means that businesses are becoming more aware that their survival depends on ensuring the end-to-end strength of any data chain. According to research from internet service provider Beaming, this message is starting to resonate with business leaders. Of the companies surveyed, almost a fifth required suppliers to have cybersecurity insurance as a condition of hiring them, and over a quarter said that they would avoid using suppliers that had been on the receiving end of adverse publicity relating to a data breach.