More than half (57%) of UK businesses have been affected by a cybersecurity or information security incident caused by a third-party vendor or supply chain partner, according to new research published by ISMS.online.
The report found that nearly one in three (30%) cite managing vendor and third-party risk as a top information security challenge, and that the average fine following a data breach or violation of data protection is £237,402.
Luke Dash, CEO of ISMS.online, said: “As organisations strive to protect their most valuable information, it’s crucial to recognise that effective information security relies not only on internal efforts but also on the external partners and suppliers they work with and the effectiveness of their risk management strategies. Findings from our latest report show that nearly one in three (30%) cite managing vendor and third-party risk as a top information security challenge. And with the average fine nearing a potentially crippling quarter of a million pounds, it’s time business leaders took stock.
“Research from McKinsey found that on average, an auto manufacturer, for example, has around 250 tier-one suppliers, proliferating to 18,000 across the full value chain. This leaves a huge opportunity for data breaches. Investing in infosec protects information assets, builds trust, wins business and highlights efficiencies that make a measurable difference to an organisation’s bottom line. In other words, good information security practices are good for business.”