Large Firms Demand More Stringent Cyber Security from SME Suppliers
The inaugural CybSafe Supplier Cyber Security Study has revealed that today SME have to increasingly prove their cyber credentials to win contracts.
CybSafe, which is based in Canary Wharf, London, is a cyber security e-learning platform/firm that has its foundations in behavioral science. In the survey conducted by CybSafe, it has been found that almost one-third of the SME respondents, when they tried to get contracts in the last one year, have had their cyber security precautions questioned. Similarly, half of the respondents in the survey have had to add cyber security related clauses to their new contracts with enterprise customers.
Daily Mail reports– “One in three small and medium-sized enterprises have had their cyber security precautions questioned as part of winning a contract in the past year, a study by cyber security platform Cybsafe found…Meanwhile, half have had cyber security clauses added to new contracts in the past five years and 44 per cent had been required to show they have introduced a recognised security standard. About 28 per cent have received a demand in the past year alone.”
Yes, 44 percent of SMEs, as per the study, were required by their enterprise customers to have a recognized cyber security standard, like ISO 27001; 28 percent faced this situation in the last one year alone.
This study and its findings gain relevance in the light of the many cyber attacks that have happened in the last many months, some of which have affected big companies/organizations in the UK, stealing customers’ personal data and crippling computer networks. On the one hand, there is the threat posed by the ICO (Information Commissioner’s Office) sanctions while on the other hand there is the General Data Protection Regulation (GDPR); added to this is the fear of reputation damage that could happen as a result of data breaches. It’s because of these reasons that enterprise organizations today are giving much importance to IT security, including the IT security of third party suppliers.
The study by CybSafe has also revealed that 1 in 7 SMEs selling to enterprise had no cyber security protocols in place at all.
The CybSafe Supplier Cyber Security Study has come up with some other relevant findings as well. The study reveals that less than 50 percent of the organizations surveyed have gone in for data protection even before GDPR was implemented. It also revealed that more than two in five among respondent organizations would promptly inform their customers immediately after the occurrence of a data breach and that more than two in five of organizations have opted for cyber insurance against data breaches.