Cyber security: Large firms scrutinise SME suppliers’ defences

Large organisations are increasingly scrutinising SMEs’ cyber security when considering signing them on as suppliers, according to a new report.

In a survey by CybSafe, a third of small- and medium-sized businesses reported having their security measures questioned when negotiating contracts over the last year.

Meanwhile, half of the SMEs surveyed said they have had cyber security clauses added to their contracts in the last five years, showing firms’ increasing cyber awareness.

And in addition, 44 percent of respondents had been required to have a recognised cyber security standard, such as ISO 27001, by their enterprise customers.

The findings show that large organisations are scrutinising their suppliers more closely in the run-up to the introduction of the EU’s General Data Protection Regulation in May 2018, which threatens fines of €20 million (£18 million) or four per cent of global turnover – whichever is greater – if a breached firm is found to have been negligent.

However, at the other end of the scale, one in seven SME respondents who sell to larger enterprises said they have no cyber security protocols in place at all.

“The CybSafe Supplier Cyber Security study shows the extent to which enterprise focus on securing the supply chain has increased in recent years in light of increased sanctions for data loss and high-profile data breaches,” said Oz Alashe, CEO and founder of CybSafe.

“This represents a unique opportunity for enterprise to effect cyber security change on a much greater scale.

“By insisting on a greater focus on cyber security from SME suppliers, these businesses can play an influential role in reducing overall cyber risk and increasing mass awareness of cyber security throughout the business community, from supplier to enterprise.

“This can only be a positive impact on the progression of cyber risk awareness in society as a whole. The more enterprise sees cyber security as a value-add, the more SMEs will change online practices to become that trusted vendor.”

Photo © binaryproject / 123RF Stock Photo