- Argentina(Español)
- Österreich (Deutsch)
- Belgique (Français)
- België(Nederlands)
- Brasil (Português)
- Canada (Français)
- Chile(Español)
- China(Chinese)
- Colombia(Español)
- Czechia(Czech)
- Denmark(Danish)
- República dominicana(Español)
- France (Français)
- Deutschland (Deutsch)
- Hungary(Hungarian)
- Italia(Italiano)
- 日本(日本語)
- Kazakhstan(Kazakh)
- Kazakhstan(Russian)
- Luxembourg(Français)
- Mexico(Español)
- Maroc(Français)
- Nederland(Nederlands)
- Panamá(Español)
- Perú(Español)
- Poland(Polish)
- Portugal (Português)
- Puerto Rico(Español)
- Romania(Romanian)
- Slovakia(Slovak)
- España (Español)
- Taiwan(Chinese)
- Tunisie(Français)
- Turkey(Turkish)
- Ukraine(Ukrainian)
- United States(English)
- Uruguay(Español)
- Venezuela(Español)
Digitized Supply Chains Bring New Cyber Risks
The increasing interdependence and digitalization of supply chains bring increased cyber risk to all parties, but many firms perceive the risks as one-sided, according to the Marsh Microsoft 2019 Global Cyber Risk Perception Survey.
Perceptions of Supply Chain Risk Vary Greatly
The survey found a wide discrepancy in many organizations’ view of the cyber risk faced from supply chain partners, compared to the level of perceived risk they themselves pose.
This variance is consistent across industry sectors and geographic regions, and the largest organizations exhibited the largest dissonance: 61% of companies with revenues of $5 billion or more say their supply chain partners pose a risk, whereas only 19% say they themselves pose risk to 3rd parties.
Low Confidence to Manage 3rd Party Risk
The disconnect may be driven by organizations’ low confidence in their ability to prevent or mitigate cyber risks posed by commercial partners. The share of organizations who are “highly confident” about mitigating cyber threats from supply chain partners ranged from lows of 5% to 15%, depending on the type of third party. The proportion who are “not at all confident” was generally twice as high, ranging from 13% to 30%. Overall, 43% reported “no confidence” in their ability to prevent cyber threats from at least one of their third-party partners.
Midsize firms reported the strongest confidence in managing suppliers. For example, 71% of firms with revenues between $100 million and $1 billion were “fairly” or “highly confident” in their ability to mitigate risks from outsourced business process providers, compared with 60% in all other size categories.
This may suggest that midsize firms are small enough to know their supply chain partners’ risks, yet large enough to have the resources to adequately assess and manage them.
Expectations for Third-Party Risk Management
There was also a disparity between cybersecurity measures and standards that organizations apply to themselves, versus those they expect from suppliers.
On balance, respondents were more likely to set a higher bar for their own cyber risk management measures than for their suppliers’.
For example, 56% of organizations said they expect supply chain partners to implement employee training, but 71% said their own organization had implemented training.
Likewise, only 73% expect 3rd parties to improve computer and system security, whereas 89% of companies require that of themselves.
Such disparities could lead organizations to think their suppliers are less prepared to manage cyber risk than they themselves are, thus diminishing the organization’s trust in its supply chain.
Supply Chain Risk Must Be a Shared Responsibility
In a world of hyper-connected supply chains, there is a critical need for shared responsibility for supply chain risk.
Every organization needs to understand, have confidence, and play a role in the integrity and security of its digital supply chain.
“Technological social responsibility”, the recognition by each organization of its role and cybersecurity obligations within the supply chain, should be on the agenda for all industry leaders.
RELATED RESOURCES
- Shifting cyber insurance market gives cause for cautious optimism
- Cyber resilience: 12 key controls to strengthen your security
- Risk in Context Podcast: Cyber incident management best practices
- Risk in Context Podcast: Better Cyber Hygiene Through Security Controls
- Risk in Context Podcast: The Evolving Threat of Ransomware
- From cybersecurity to cyber resilience: Four steps to move from numbers to action
- Defining and uncovering cyber risks in your digital supply chain
- Cyber hygiene controls critical as cyber threats intensify
- Digitized Supply Chains Bring New Cyber Risks
- New Cyber Regulation May Significantly Impact the Digital Supply Chain
- Cyber Insurance Purchasing Grows Again in 2019
- 3 Best Practices to Reduce Supply Chain Cyber Exposure
- Risk Management Guidelines for Mobile Devices
- Setting the Record Straight on Cyber Insurance
- Cyber, Simplified! Knowledge Hub
- Ransomware Stats Every Business Needs to Know
- 3 Best Practices to Prepare for a Ransomware Attack
- What the Microsoft Exchange Server Exploit Means for Companies
- 2019 MMC Cyber Handbook
- Digital Supply Chains Require a Collective Approach to Cyber Risk
- Password Managers: Help to Protect Personal and Business Data
- Mining for Virtual Gold: Understanding the Threat of Cryptojacking
- Insurance Implications of Cybercrime for Financial Institutions
- 2019 Global Cyber Risk Survey - Marsh and Microsoft Webcast Replay
- Webcast Replay: Managing Cyber Risk in Life Sciences Technology
- Two Years On, GDPR Continues to Shape Global Privacy Regulation
- Blockchain Technology and Digital Assets: Top 10 Reasons Why Insurance Matters
- Cyber Insurance is Supporting the Fight Against Ransomware
- Digital Deception: Is Your Business Ready for Deepfakes?
- New Cyber Threats and Regulations Call for Urgency
- Boards Need to Stay on Top of Changing Cyber Insurance Markets
- Cyber Risk Management Response and Recovery
- New Manufacturing Report Ranks Cyber Threat and Supply Chain As Top Concerns
- Best Practices for 1st Party Cyber Coverage in Energy, Power, and Renewables
- Blockchain Risk and Regulation: Are You Prepared?
- Adapting Cyber Incident Response Plans for the Remote Workforce
- Why HR is a Key Stakeholder in Cyber Risk Management
- Guidance for Our Clients Regarding the SolarWinds Cyber Incident
- Quantifying Cyber Risk
- Cybersecurity After COVID-19: Refocus on Resilience
- COVID-19: Next Steps for Your Cyber Insurance
- Canada Pushes Ahead with Plans to Overhaul Privacy Laws
- Are You Protected Against the Financial Impact of Ransomware?
- Marsh Explains Silent Cyber and Provides Guidance to Help Maximize Cyber Coverage
- Webcast Replay: Navigating a World of Elevated Risk: Implications for Cyber Risk Management
- Ransomware: Paying Cyber Extortion Demands in Cryptocurrency
- Ransomware: Remove Response Paralysis with a Comprehensive Incident Response Plan
- Low Appetite for Cyber Regulation Except Against Nation-State Attacks
- Embrace of New Technology Adds Further Cyber Risk Complexity
- 2022 Marsh and Microsoft global cyber risk survey
- A cyber continuum: New ‘cyber war’ exclusion language raises concerns
- What’s Trending in Cyber Insurance?
- The State of Cyber Resilience
- Cyber resilience: 12 key controls to strengthen your security
- Risk in Context Podcast: Debunking common cyber insurance myths
- Using data to prioritize cybersecurity investments
- Digital innovation and cyber risk in global supply chains
- Understanding Cyber Insurance video series
- New SEC rules place deadline on disclosing material cyber events
- 10 Tips for Cyber Incident Response Preparedness
- Navigating the SEC’s cybersecurity disclosure rules