Although associating with third parties and outsourcing certain processes provides many benefits – from reducing costs to leveraging their expertise – many organisations choose to overlook the security risks accompanying these benefits. According to a recent survey conducted by Tripwire at the IP EXPO Europe in London earlier this month, 63 percent of the respondents said their organisation would refuse to use partners and suppliers that failed to meet their IT security standards. Despite these concerns, however, only 53 percent of respondents said they require their partners and suppliers to pass security audits.
“In the context of supply chains, security risk becomes a communicable disease,” said Dwayne Melancon, Tripwire’s chief technology officer. “As customers become aware of this fact, they will insist that supply chain owners and participants are designing and operating with security in mind,” he added.
“Customers will only trust supply chain security if we can prove that foundational security controls are in place and effective.”
Additional key findings from the study included:
- 62 percent of the respondents said they are required to meet their customers’ security standards.
- 63 percent believe their customers would lose confidence in them if one of them suffered a serious data breach.
- 46 percent of respondents said they would lose contracts and be fined by a regulator or government agency if one of their partners or suppliers suffered from a serious data breach.
- 22 percent of respondents said their organisations do not have the resources to check supplier contracts and ensure they meet their business’s security requirements.
Source: Tripwire IP Expo Survey
Regardless of how robust an organisation’s security practices may be, complacent third-party vendors can inevitably bring a list of unknowns into a business relationship. For more information, visit: https://www.tripwire.com/company/research/tripwire-ip-expo-survey/.