Looking beyond the headlines: Cyber threats across the supply chain

We lock our front doors, cars, and even bikes to deter criminals. It’s a sensible course of action for securing physical property and reducing the risk of damage and theft. However, when it comes to protecting sensitive information, businesses must also consider supply chain cyber risks as a critical aspect of their security strategy.

Why should our digital data be any different?

Guarding information and securing data protects businesses of all sizes. Engaging in robust risk management processes by actively monitoring, reviewing and implementing cybersecurity procedures is imperative to protect organisations and the wider supply chain.

Under lock and key

Cyber Essentials launched 10 years ago as a digital lock against the most common cyber threats. Since then, the government-backed scheme has awarded more than 190,000 organisations with Cyber Essentials certification.

Developed by the National Cyber Security Centre (NCSC) in collaboration with UK businesses, Cyber Essentials helps organisations withstand 80% of the most common cyber-attacks.

A decade on from its launch, the Department for Science, Innovation and Technology (DSIT) and the NCSC issued a joint statement with several financial institutions – Barclays, Lloyds Banking Group, Nationwide, NatWest Group, Santander UK and TSB – calling for the expansion of Cyber Essentials in supply chain risk management processes.

In the statement, the group said:

High-profile, damaging cyber-attacks have demonstrated attackers’ intent and ability to exploit security vulnerabilities in supply chains across the UK. Without basic cyber hygiene, through a programme like Cyber Essentials, suppliers will continue to be vulnerable as threat actors hone their focus on unprotected businesses.

Despite this threat, just 6% of UK businesses reviewed the cyber risk of their wider supply chain in the last 12 months. There are a number of reasons for this, including a lack of capacity, capability and tools within businesses. Encouraging organisations to manage their supply chain cybersecurity risk more effectively is a government priority. Wider adoption of the Cyber Essentials certification scheme as a supply chain assurance tool can play a significant role in addressing barriers that organisations face in managing their supply chain risk effectively.

Put simply, the UK Government and participating banks want more companies to become certified to help strengthen and protect supply chains from cyber risks.

The statement comes as an independent impact evaluation report[1] showed more than half of Cyber Essentials users (61%) are more likely to choose suppliers that use the scheme than those that do not. In addition, 73% say they have greater confidence working with suppliers that use Cyber Essentials. This confidence is crucial in mitigating supply chain cyber risks, as businesses increasingly rely on secure partnerships to protect sensitive information.

Risk management and business continuity specialist Helen Barge has spent decades working with organisations to improve their resilience and future-proof against cyber threats.

Speaking about supply chain dangers, Helen, Risk Evolves Managing Director, said:

“It’s imperative organisations have a clear picture of their cyber security level. Vulnerability to basic attacks can mark you out as a target for more criminals.

“Companies will miss out on attracting new business without cybersecurity measures in place. In fact, all organisations bidding for central government contracts which involve handling sensitive and personal information must have Cyber Essentials certification.”

Helen spent 20 years working for technology giant IBM, 12 of those years as Governance Risk and Compliance Manager for the UK and Ireland, before launching Risk Evolves in 2015.

Helen is keen to ensure all businesses are prepared for what may come:

“We know from recent headlines that managing personal data can be perilous. However, despite increased publicity about supply chains, many businesses, particularly small- to medium-sized firms, aren’t scrutinising their supply chains, and they must.

“Cyber Essentials represents an organisation’s first step on the ladder of data security certifications. It’s a cost-effective way to reassure clients, employees and other stakeholders that you take good care of their personal data.

“While there is a lot for businesses to consider, evolving risks are always accompanied by new opportunities.”

True resilience in business comes from looking beyond the present day and anticipating what may come. By understanding and effectively embracing future risk, we can be prepared, not unaware.

Discover more about Cyber Essentials

Read our article Exposed Vulnerabilities: Building Resilient Supply Chains and review our free catalogue of back to basics and refresher essentials for navigating all risk management and cybersecurity topics.
