Russell Sassoon
Supply chain cyber attacks are on the rise – a company is only as strong as its weakest link.
The challenges for you as a Head of Procurement include the increasing emphasis on ensuring supply chain security. Collaborating across industry and supply chains is key to success.
The resulting questions for you as a Head of Procurement include:
You should ensure oversight and control over your most critical third-party relationships, for example by conducting risk assessments and due diligence where possible, whilst ensuring robust security protocols are in place around information sharing. Identifying the third-party relationships that are either most critical to your business operations or would have the greatest impact if hit by a cyber incident will help you to draw up the list of ‘critical suppliers’ on which to focus.
But more importantly, aim to build relationships and co-ordinated response plans so that should the worst happen, you can collaborate effectively with your partners to contain incidents quickly and restore services.
Whilst there is no way to guarantee protection, a key part of managing your third-party risk is identifying the suppliers and other partners who would present the most material risks if they came under attack. You can then bring them into your simulations and scenario planning in areas such as how to sustain services if access to compromised data needs to be curtailed or closed.
Being able to collaborate effectively with your key third-party suppliers will help to build resilience across your supply chain in the event of an attack.
It can be difficult to navigate today’s varied and extensive security services market. It’s therefore important to have a robust process for scanning the market and selecting vendors. Where is the real value? Will it be delivered? Are we applying sufficient competitive tension rather than relying on a single supplier?
In managing security services contractors, further questions include whether the responsibilities of in-house and third-party teams are defined and delineated clearly enough. Is it clear who is liable if there’s an attack?
It's also important to ensure that contractors are keeping to their commitments and delivering full value for money. And when renewing, make sure that contract terms reflect the changing nature and scale of the cyber threats.
At Berkeley, we have experience of helping Heads of Procurement answer these questions through all stages of their cyber journey. We can help you to:
Discover the key cyber-related questions other members of your leadership team should consider
Strengthen your security and readiness to respond.
Allocate the right roles and responsibilities.
Create a culture of security across your organization.
Know the right questions to ask to cut through the jargon.
Ensure external stakeholders are satisfied.
Improve your ability to navigate the cyber landscape.
Enhance your security and risk management.