The importance of supply chain cybersecurity and risk management 

importance of supply chain cybersecurity and risk management

Posted on January 31, 2023 by Louise Howland

If you receive services of any kind, from fruit delivery to office equipment, you’d expect that your data was safe and secure, and the supplier had mitigated any cybersecurity risks. You expect this, but without asking, how do you know?

Now, imagine a potential customer is looking to you as a supplier. How can you reassure them that you are aware of cybersecurity regulation and regularly train and remind your staff?

The government has called for companies to not only review their supply chain’s cybersecurity, but also consider how government could intervene to ensure a framework and system for cybersecurity supply chain risk management is applied to both UK and cross-border companies.

What are the concerns with supply chain cybersecurity?

According to the 2021 Cyber Security Breaches Survey, only 5% of companies have reviewed their wider supply chain risks, down from 9% in 2020. Just 12% of businesses have reviewed their immediate supplier’s risk. These stark statistics show how few businesses are aware of risks posed by immediate suppliers.

When asked what barriers were preventing risk assessment from happening, there were five key reasons:

  1. Lack of time or money (36%)
  2. Can’t get information from suppliers to be able to check (32%)
  3. Not knowing what checks to carry out (28%)
  4. Not a priority when working with suppliers (27%)
  5. Lack of skills to be able to check suppliers (24%)

The lack of central framework, and requirement for companies to provide this kind of information is simply not there . Essentially, what, how and why this is all necessary is a huge unknown , leaving businesses and consumers at considerable risk.

Who are the priority companies?

While there is a focus for this to be actioned for all companies across the country, and those who transfer data in and out of the UK, there is specific focuses on certain groups of businesses and organisations.

Consumer-facing companies

Personal data is a huge focus and has been since GDPR was introduced. This focus on protecting individuals’ data means that companies who handle payroll data, or consumer data, must be extra cautious in how they handle that information, and how their supply chain does. All it takes is one weak link to break the entire chain, and this can be devastating for individuals, as they often aren’t covered by cyber breach insurance or something similar.

Managed service providers

Those who deliver outsourced or managed services, like how we provide outsourced IT support, become an extension of the business they work with. However, without being held to the same standard, managed service providers may not have reciprocal protections on data being received and transferred, as well as the handling of the service they deliver.

What can companies do?

If you’re looking to risk assess your supply chain, there are important steps you can take. It’s worth knowing that every company will handle this differently, so be flexible in your risk management.

There are some specific things you can do though.

Have a cybersecurity questionnaire and requirements ready

Draw up the items that are a priority for you, what you expect from the supplier and what you will do to protect their data. If a company isn’t willing to meet these expectations, they may not be a company you want to work with.

Your potential suppliers need to be able to show that they care about cybersecurity, and actively implement measures and training for this.

Consult cybersecurity experts

By using a cybersecurity consultant, you no longer need to be the expert, but can rely on someone else to direct your company’s education and defensive measures, from training to monitoring. This includes your risk assessment and management. While they won’t be able to implement changes, having an independent voice in this highly important part of your company can be hugely beneficial.

Be empowered

For smaller companies approaching larger companies, requesting that they adhere to your cybersecurity requirements can be intimidating. It’s important that you feel empowered to request these, and that you have the leverage you need to make such changes. The government wants to introduce a framework to help with this, but knowing your rights and what is reasonable can be hugely beneficial .

How ramsac’s CRC (Cyber Resilience Certification) can help

To help companies feel confident in their cyber supply chain, we created the Cyber Resilience Certification (CRC). This is a badge of approval from our cybersecurity experts and is in three levels. We provide you with details of where you have met our criteria partially, fully or not at all. See how we can help instil trust in your supply chain. Get in touch with ramsac today.

Related Posts

  • AI in Malware Analysis
    April 28th, 2025

    AI in Malware Analysis

    AICybersecurity

    This blog explores how AI is revolutionising malware analysis, providing detailed insights into its methodologies, applications, and benefits.  [...]

    Read article

  • Understanding Data Exposure Risk in SharePoint and OneDrive
    April 1st, 2025

    Understanding Data Exposure Risk in SharePoint and OneDrive

    CybersecurityMicrosoft 365Technical Blog

    As the way we work continues to evolve, proactively managing data exposure in SharePoint and OneDrive is essential to safeguard sensitive information and maintain trust in an AI-driven world. [...]

    Read article

  • Cyber Essentials: Transitioning from the Montpelier to Willow Question Set
    March 11th, 2025

    Cyber Essentials: Transitioning from the Montpelier to Willow Question Set

    Cybersecurity

    Cyber Essentials is evolving, on April 28, 2025, the Willow question set will replace Montpelier. Discover what’s changing, how it affects your certification, and how ramsac can help you [...]

    Read article

  • How to know if a Microsoft security alert is real
    March 5th, 2025

    How to know if a Microsoft security alert is real

    CybersecurityMicrosoft 365

    Microsoft security alert emails help you to know if someone is potentially trying to illegally access your Microsoft account. However, scammers and cybercriminals are well aware of this and [...]

    Read article

  • Infographic: Cybersecurity protection vs home protection
    February 18th, 2025

    Infographic: Cybersecurity protection vs home protection

    Cybersecurity

    Just like protecting your home requires more than a single lock, your business needs multiple layers of cybersecurity to stay resilient. Discover how home security principles apply to cyber [...]

    Read article

  • Hacker Misconceptions: The Good, The Bad, and The Grey
    February 5th, 2025

    Hacker Misconceptions: The Good, The Bad, and The Grey

    Cybersecurity

    When you hear the word hacker, you probably think of criminals in dark hoodies, but the reality is far more complex—some hackers protect us, some exploit us, and some [...]

    Read article

Quiz yourself

Are you more cyber savvy than an 11 year old?

11-14 year olds get asked these questions in school. Could you get these right?

X