More than half (57%) of UK businesses have been affected by a cyber security or information security incident caused by a third-party vendor or supply chain partner, according to new research published by ISMS.online.
The report found that nearly one in three (30%) cite managing vendor and third-party risk as a top information security challenge, with the average fine following a data breach or data protection violation standing at £237,402.
This report closely follows warnings from the newly appointed Deputy Prime Minister, Oliver Dowden, about credible incoming attacks targeting critical national infrastructure and supply chains by unpredictable actors.
These are just a few of several findings in ISMS.online’s latest State of Information Security report, which surveyed 500 information security (infosec) professionals in the UK, comprising managers, directors, and C-level executives.
According to the survey, businesses often respond to cyber incidents by increasing information security budgets and team sizes; however, in many cases, this is too late, with businesses facing heavy financial penalties following an attack, not to mention the immeasurable reputational damage a breach can cause.
And despite 90% of infosec leaders agreeing that leadership teams view strong information security as a top priority, only two-thirds (64%) expect to increase their infosec budgets in the next 12 months, and just over half (54%) intend to bolster their teams.
Luke Dash, CEO of ISMS.online, said: “As organisations strive to protect their most valuable information, it’s crucial to recognise that effective information security relies not only on internal efforts but also on the external partners and suppliers they work with and the effectiveness of their risk management strategies. Findings from our latest report show that nearly one in three (30%) cite managing vendor and third-party risk as a top information security challenge. And with the average fine nearing a potentially crippling quarter of a million pounds, it’s time business leaders take stock.
“Research from McKinsey found that on average, an auto manufacturer, for example, has around 250 tier-one suppliers, proliferating to 18,000 across the full value chain. This leaves a huge opportunity for data breaches. Investing in infosec protects information assets, builds trust, wins business, and highlights efficiencies that make a measurable difference to an organisation’s bottom line. In other words, good information security practices are good for business.”
ISMS.online is a leading SaaS company empowering businesses to achieve simple, secure and sustainable data privacy and information security compliance through its user-friendly platform.