CSCMP's Supply Chain Quarterly
October 22, 2018
Forward Thinking

How secure is the data in your supply chain?

A survey of 320 IT professionals found that fewer than half are confident that their business partners are practicing good cybersecurity.

A survey of more than 320 information technology (IT) professionals suggests that while many are not confident of their supply chain partners' ability to protect data, few are taking steps to remedy the problem.

The Tripwire 2016 Supply Chain Survey, conducted by Dimensional Research for the security and compliance solution provider Tripwire Inc., found that 81 percent of IT professionals are confident in their own ability to protect sensitive customer data. They are far less certain, however, of the abilities of their supply chain partners. Nearly half (47 percent) of the respondents said they are not sure that their business partners and suppliers are taking adequate steps to protect their data from unauthorized access or attack.

In spite of that lack of confidence, the majority of surveyed IT professionals indicated that security breaches were not a top concern at their companies. According to the study, 56 percent of respondents agreed that it was a distinct possibility that a security breach at a supplier or partner could expose valuable data but said they had other, bigger concerns to address. Thirty-nine percent said they were extremely concerned, while 5 percent said they were not concerned.

The survey unearthed evidence that many companies are not taking adequate steps to ensure that their business partners are following best practices. For example:

  • Less than half (44 percent) said their organizations require partners and suppliers to pass security audits before they sign a contract with them.
  • More than one-third (34 percent) use partners and suppliers that fail to meet their security standards.
  • One-quarter admitted that their organizations do not evaluate whether suppliers met their security requirements.
  • Half said they make exceptions or offer different standards for some partners.

In light of this evidence, supply chain managers may need to step in and play a more active role. Indeed, in an article in the Q2/2015 issue of CSCMP's Supply Chain Quarterly"Is your supply chain safe from cyberattacks?"—security expert Drew Smith contends that supply chain professionals need to be aware of what the risks are, identify which areas of their supply chain may be vulnerable to cyberattacks, and make sure their suppliers are following best practices.

Join the Discussion

After you comment, click Post. If you're not already logged in, you will be asked to log in or register.

Want more articles like this? Sign up for a free subscription to Supply Chain Executive Insight, a monthly e-newsletter that provides insights and commentary on supply chain trends and developments. Click here to subscribe.

We Want to Hear From You! We invite you to share your thoughts and opinions about this article by sending an e-mail to ?Subject=Letter to the Editor: Quarter 2016: How secure is the data in your supply chain?"> . We will publish selected readers' comments in future issues of CSCMP's Supply Chain Quarterly. Correspondence may be edited for clarity or for length.

Want more articles like this? Subscribe to CSCMP's Supply Chain Quarterly.