Businesses in the UK are sharing more information than ever before with their suppliers and their customers. This is vital if they are to increase efficiency and productivity. For example, by linking a warehouse stock control system through an ordering system to a supplier, a company can ensure it never runs short of products and there is no need for manual intervention. The ordering system can even predict when any particular product is likely to run out and order well in advance. This simple solution applies to a range of industries including construction.
Companies also share operational, financial and customer data. This makes supply chains much more efficient and productive. The issue is that the data they share must also be secure. A supply chain is only as strong as its weakest link.
Supply chain resilience is regularly featured on the news. It is vital that it is improved for the survival of the businesses involved and for their customers. Companies also have a duty of care to ensure that the data they share is protected, especially if it involves IP, financial or customer information.
Data security needs to be a cornerstone of any company’s Environmental, Social, and Governance (ESG) policy. However, many consider that they only need to ensure that data is safe within their own systems. They assume that those they share data with have their house in order.
Unfortunately, CEOs and business owners often assume their systems are safe when they are not, especially if they outsource their IT. A common comment is “Cybersecurity is simple. All I need to do is regularly update my virus software.” Equally, the suppliers and customers they share data with are not safe.
These issues are highlighted by the statistics below:
- The Government’s Cyber Security Breaches Survey 2020 shows that 46% of businesses report having cyber security breaches or attacks in the last 12 months. 39% of these were negatively impacted in terms of fines, fixes, lost time and lost business.
- IBM reports that the average data breach costs $3.6m (£2.6m).
- “40% of small business do not regularly update software and a similar proportion do not back up data.” (The Federation of Small Businesses)
- “A small business in the UK is successfully hacked every 19 seconds” (Hiscox 2021 Cyber Report)
What is required is a basic level of cybersecurity. We have identified five key points that should form the basis of a national cybersecurity policy. This will support UK businesses in allowing them to freely share data so they can benefit from improved productivity and efficiency and so generate prosperity for the country.
1. Regular Vulnerability Scanning
Regular vulnerability scanning, including an easily understood score which can be shared with suppliers and customers, is vital. This would involve a monthly scan of a company’s web site which would produce a score, a list of vulnerabilities found and a report detailing each issue and its solution. This matters because most cybersecurity breaches start with hackers gaining access to a company’s web site and, from there, to its e-mail and other systems.
Cyber Risk Score is just like a credit score for an organisation’s internal and supply chain cybersecurity. Users get:
- An easy to understand score out of 1,000
- A report listing the vulnerabilities found, how much they impact the organisation’s score and how to resolve them
- A new score and report each month which allows users to monitor their cybersecurity and see it improve as their vulnerabilities are resolved
Cyber Risk Score does not fix the vulnerabilities which means the results given are truly independent. This allows users to either fix the vulnerabilities found internally or tender the work out to their choice of suppliers.
Cyber Risk Score has the ability to score an entire supply chain. It is market leading in terms of price, quality and simplicity. It costs £44.95 per month which is affordable for any business.
2. Employee Training
It is vital that employees receive cybersecurity training. One of the biggest cybersecurity threats is ransomware. This is usually installed when an unsuspecting employee clicks on a link or downloads a file from an email. Once a hacker has penetrated a company’s web site, they will gain access to the email server and start sending files and links from genuine email addresses.
3. ESG Training for C-suite individuals
It is important that the CEO and Board understand their duty of care and develop or update their ESG policy. Investors are more attracted to companies with a solid ESG policy while shareholders expect a company to have this in place.
4. Cyber Insurance
It is highly recommended that, once a business has put in place basic cybersecurity measures, it gets itself insured. No system will ever be 100% hacker-proof. Companies need to put in place cyber insurance.
Cyber Risk Score intends to mitigate some of this expense by negotiating discounted rates for its subscribers with their trusted insurance partners.
5. Supply Chain Monitoring
It is vital that companies monitor the cybersecurity of the businesses they share data with. They have a duty of care to improve their supply chain resilience and ensure the data they share is properly protected. This can be done by asking suppliers and customers to share their Cyber Risk Score. This allows companies to determine who they can freely share data with and who needs to improve their cybersecurity stance before they do.
These are five simple steps that any business can take to measure, monitor and manage their cybersecurity. They also help to improve the cybersecurity and resilience of their supply chains allowing increases in productivity, efficiency and prosperity across the UK.