A survey of more than 320 information technology (IT) professionals suggests that while many are not confident of their supply chain partners' ability to protect data, few are taking steps to remedy the problem.
The Tripwire 2016 Supply Chain Survey, conducted by Dimensional Research for the security and compliance solution provider Tripwire Inc., found that 81 percent of IT professionals are confident in their own ability to protect sensitive customer data. They are far less certain, however, of the abilities of their supply chain partners. Nearly half (47 percent) of the respondents said they are not sure that their business partners and suppliers are taking adequate steps to protect their data from unauthorized access or attack.
In spite of that lack of confidence, the majority of surveyed IT professionals indicated that security breaches were not a top concern at their companies. According to the study, 56 percent of respondents agreed that it was a distinct possibility that a security breach at a supplier or partner could expose valuable data but said they had other, bigger concerns to address. Thirty-nine percent said they were extremely concerned, while 5 percent said they were not concerned.
The survey unearthed evidence that many companies are not taking adequate steps to ensure that their business partners are following best practices. For example:
- Less than half (44 percent) said their organizations require partners and suppliers to pass security audits before they sign a contract with them.
- More than one-third (34 percent) use partners and suppliers that fail to meet their security standards.
- One-quarter admitted that their organizations do not evaluate whether suppliers met their security requirements.
- Half said they make exceptions or offer different standards for some partners.
In light of this evidence, supply chain managers may need to step in and play a more active role. Indeed, in an article in the Q2/2015 issue of CSCMP's Supply Chain Quarterly—"Is your supply chain safe from cyberattacks?"—security expert Drew Smith contends that supply chain professionals need to be aware of what the risks are, identify which areas of their supply chain may be vulnerable to cyberattacks, and make sure their suppliers are following best practices.
