Businesses are overestimating their ability to respond to supply chain cyberattacks and their visibility over suppliers, according to new research from NCC Group.
“Global supply chains are the engine of modern business, so it is critical that their security is a priority for leaders, especially when global ransomware levels are at a record high this year. The outbreak of high-profile supply chain attacks we have seen this year must be taken as wake up call. These attacks have real world consequences, delaying medical procedures, grounding flights, leaving shelves empty and putting the economy and jobs at risk. In the face of such a threat, it is shocking that 92% of respondents trust their suppliers to follow cyber security best practices. Time and time again, threat actors are profiteering from this overconfidence, using straightforward techniques to access virtually unguarded supply chain networks,” says Mike Maddison, CEO of NCC Group.
Key takeaways:
· The State of Supply Chain Security report reveals that the vast majority (94%) of businesses are confident in their ability to respond to a supply chain attack, despite that nearly half (45%) experienced a cyber security breach in the last year.
· Half (49%) of the organizations that suffered a breach said the attack suspended operations.
· 92% of organizations trust their suppliers follow cyber security best practices.
· However, high trust levels could be leaving businesses and their supply chains vulnerable to threats, with the research showing one-third (34%) are not regularly monitoring suppliers or conducting risk assessments, and only 34% claiming to have full and detailed insight into their supply chain’s cybersecurity.
· Despite businesses understanding that security threats are growing, with 68% expecting attacks to become more severe in the next 12 months, the data suggests a lack of awareness about the impact that a supplier attack could have on day-to-day business operations. One-fifth (21%) of organizations surveyed believe they wouldn’t be affected if a key supplier was unable to operate for five days.
· 59% of respondents say artificial intelligence is the No. 1 factor organizations expect to increase supply chain security risk over the next 12 months.
· 45% of suppliers say the cost of cybersecurity measures is the greatest pain point with regards to cybersecurity and compliance.
· Only 36% of organizations say they have visibility over how their supply chain stores and protects business-critical data relating to their organization.
· 59% are concerned about the level of visibility they have over their supply chain
· 90% are confident that cyber security standards and policies reduce the risk of supply chain attacks. Yet, the introduction of more legal frameworks could make managing supply chains more complex for global businesses.
