Of over 1,000 C-suite and other executives, almost half (44.9%) expect an increase in the number and size of cyber events targeting their organizations’ supply chains in the year ahead, according to a new Deloitte poll. The expected increase suggests growing concern about the year ahead, as just 33.8% of respondents say their organizations experienced one or more supply chain cybersecurity events during the past year.
“While negative cyber events—like any business disruption—can be the most powerful catalyst for improvement, we see leading organizations working to build more proactive capabilities to detect and mitigate potential cyber threats in their supply chains,” said Sharon Chand, a Deloitte Risk & Financial Advisory principal and cyber risk secure supply chain leader, Deloitte & Touche LLP. “It’s not a simple feat but aiming to achieve greater supply chain visibility and third-party cyber risk management can help bolster and speed organizations’ post-incident recovery and resilience.”
Part of improved supply chain visibility can include third-party risk assessments. While nearly half of respondents’ organizations conduct third-party risk assessments prior to new vendor engagement (46.5%), just 29.1% of that group also repeat those assessments at least annually. Unfortunately, 20.9% of respondents say their organizations do not conduct third-party risk assessments to support broader supply chain security.
Chand continued, “Third-party risk assessments can range from conducting surveys of those entities’ practices to requesting software bills of materials (SBOMs) for components of larger products. But in order to ask such things of your third parties, you need to have the infrastructure in place to process their inputs. Building such capabilities can help organizations protect their supply chains and defend against future security threats.”