Digital Supply Chains Require a Collective Approach to Cyber Risk
As supply chains undergo rapid digital transformation, the increased interconnectivity and reliance on common technology and platforms means that cyber risk needs to be seen as a collective responsibility.
Digitisation brings major benefits, but it also brings new and increased cyber risk to all parties. The lack of full transparency along the supply chain makes it difficult for organisations to properly assess cyber risk and to gain assurance about the security and integrity of third parties. A supply chain is only as strong as its weakest link — a vulnerability at one vendor or supplier can compromise the entire digital supply chain.
Supply Chain Risk Perceptions
The Marsh Microsoft 2019 Global Cyber Risk Perception Survey revealed a disparity in how companies view the risks they and their partners present to the supply chain:
- Only 16% of respondents said they pose a risk to their supply chain.
- But 39% said the cyber risk posed to them from their suppliers was somewhat high or high.
The survey also revealed a disparity between the cybersecurity measures and standards that organisations apply to themselves and those that they expect from suppliers. Generally, respondents were more likely to set a higher bar for their own organisation's cyber risk management measures than they set for their suppliers.
The disconnect in perceptions of risk posed to and by supply chain partners likely reflects a low level of confidence in the ability to prevent or mitigate cyber risks posed by commercial partners.
- 43% of those surveyed said they were not confident in their ability to prevent cyber threats from at least one of their third-party partners.
With growing reliance on IT systems and data, supply chain resilience is emerging as a wider societal and political issue. Digital systems are now essential for the provision of critical services, from energy to healthcare, yet the infrastructure and services that underpin them are often global and interconnected, and therefore exposed to geopolitical risk and subject to regulation.
In an interconnected world, every organisation needs to understand how cyber risks affect supply chains, and must also play a role in building shared security. Building resilience is challenging, but companies increasingly recognise they have responsibilities to facilitate cyber resilience in the supply chain.