UK Firms Failing to Assess Cyber Threats
A survey has revealed nearly 70% of UK firms do not assess the suppliers and customers they trade with for cyber risk.
The study revealed that as a result of this failure businesses are making themselves more vulnerable to cyber attacks. The report conducted by insurance broker and risk management firm Marsh polled risk managers and chief financial officers from more than 100 large and medium-sized UK firms.
The firm's cyber risk survey revealed that nearly 70% of respondents do not assess both the suppliers and customers they trade with.
More than half of those surveyed also stated that their organisations have not been asked to demonstrate a competent standard of their IT security practices to their bank and customers in order to do business with them.
Marsh's cyber risk practice leader in Europe believes more work needs to be done to consider cyber security as an issue in business, as opposed to a technical problem if organisations are to reduce the threats from cyber attacks.
He said: "This is especially true for larger organisations, which attract highly motivated and sophisticated hackers that might identify smaller business partners that are typically less well protected as the 'back door' into their IT systems."
An expert panel who spoke at Infosecurity Europe 2015 in London said organisations should include supply chain security as part of their strategy to reduce the risk of cyber breaches.
There have been several high-profile cyber breaches in recent years where information security weaknesses at suppliers have been responsible. For example, malware-based phishing emails were sent via an air conditioning supplier to US retailer Target back in 2013.
Director of the UK computer emergency response team Chris Gibson believes supply chain security is an important area of focus for an organisation aimed at supporting critical national infrastructure.
He said: "We are very cognisant of the fact the information security of suppliers is just as important as that of providers of critical infrastructure. We work a lot of cases that are deep down in the supply chain."
Return to internet news headlines
View Internet News Archive