Organizations can reduce their third-party risk by clarifying whether they or their suppliers are responsible for supply chain risk management, according to NCC Group research surveying 1400 cybersecurity leaders around the globe.
Around one-third of surveyed cybersecurity professionals said that they are more responsible for preventing, detecting and resolving supply chain attacks than their suppliers. However, 53% said that their company and its suppliers are equally responsible for the security of supply chains.
Without a clear line of communication between security departments, enterprise leadership and third-party vendors, supply chain risk could increase if firms are not conducting appropriate due diligence on their suppliers.
Despite this, 49% of the organizations surveyed said that they did not stipulate security standards that their suppliers must adhere to as part of their contracts. In addition, 34% said that they do not regularly monitor and risk-assess their suppliers’ cybersecurity arrangements.
The research suggests that cyberattacks on company supply chains increased by 51% between July and December 2021. Only 32% of organizations were “very confident” that they could respond quickly and effectively to a supply chain attack.