Two-thirds of enterprise suppliers are questioned about their cyber security training


Research by CybSafe found that increasing cyber security requirements are being imposed on businesses supplying enterprise customers.

In its latest Secure the Supply Chain survey, 250 IT decision-makers at small-and-medium-sized suppliers enterprise were questioned about security requirements placed on their businesses. 

It was found that 60% of businesses had to report on their cyber security measures as part of the contract or RFP process, an increase from 52% in 2017.

The survey also identified that 63% of businesses had been asked to fill out cyber security questionnaire, and 66% had been questioned about their cyber security training. Additionally before securing contracts 37% of respondents have been required to achieve a recognised cyber security standard by their enterprise customers. 

Just over half of the respondents (55%) have admitted that their businesses have suffered a data breach within the last five years – to which 29.6% of those surveyed had lost a contract with a customer as a result of cyber security or fraud in the last 12 months. 

Currently only 47% of businesses are utilising cyber security training to ensure staff have the skills needed to avoid cyber attacks. 

Oz Alashe, CEO and founder of CybSafe, commented:

“The cyber security bar for suppliers is being raised every year. While lax cyber security precautions may have gone relatively unnoticed a few years ago, suppliers are now losing out on lucrative deals specifically because of security concerns. With enterprise customers more conscious than ever of the authorities, GDPR, and reputational damage, suppliers will need to alter their practices accordingly in order to stand a chance of becoming a trusted supplier.”

“No company is an island, and the necessity of working with third-party suppliers can open up critical vulnerabilities in an organisation’s line of defence. It is no longer enough for businesses to ensure that their own network is secure, as any supplier, or supplier of a supplier, poses a risk to the entire operation,” Alashe added.  

The largest data protection, privacy and security event of 2020, now available on-demand!

Featuring four whole days of keynote sessions, panel debates, and an opportunity to network and chew over all things data-related through discussions in public boards and virtual booths, PrivSec Global is now available to watch on-demand.

You can access the content from all four days, by registering for access to our PrivSec Global platform below.

Learn More and Register

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.