Cyber security deprioritised at height of supply chain disruption

Despite a widely reported rise in cyber attacks, some businesses deprioritised cyber security at the height of last year’s supply chain disruptions resulting from the pandemic, port closures, HGV driver shortages and challenges associated with Brexit.

This is among the findings of a joint report from Kaspersky and freight transport insurer TT Club, which suggests that both enterprises and SMEs are showing a degree of complacency when it comes to protecting the resilience of their supply chains. Even though almost three-quarters (72%) of companies state cyber security threats are their number one concern, only a third (33%) have the necessary internal resources and knowledge to respond to an incident. And just 35% are certain they have taken every possible step to mitigate third-party risks in their organisation.

The findings suggest that companies that deprioritised cyber security did so in favour of other real-time challenges, such as HGV driver shortages and other logistical issues caused by the pandemic.

“At TT Club we are constantly assessing the risk profile of the global supply chain and alerting the industry to our concerns, hence our support of this unique report,” commented TT Club’s managing director, loss prevention, Mike Yarwood. “One should not underestimate cyber criminals. They are agile, focused and highly sophisticated, presenting a significant threat to businesses in the global supply chain. As we emerge from the COVID-19 pandemic, TT would encourage a re-evaluation of cyber risk policies and urge operators to satisfy themselves that sufficient resource is allocated to addressing this threat. Resilience in the face of cyber risk is critical.”

David Emm, principal security researcher at Kaspersky, added: “The pandemic, Brexit and supply chain crisis have complicated the cyber threat landscape, making it crucial that organisations take steps to defend against evolving threats under new circumstances. Cyber attacks and data breaches can be highly injurious to any business in terms of damage to reputation, costs of remediation, lost business and other expenses. Companies must ensure they only share data with reliable third parties and extend their existing security requirements to suppliers. We urge businesses large and small to scrutinise their suppliers’ credentials as part of the standard due diligence and contracting process, or risk sleepwalking into a cyber security disaster.”

Research was conducted during November and December 2021 by Arlington Research, who canvassed the views of 240 C-suite, middle managers (director level and above) and senior managers who are also sole or joint decision makers for cyber security, IT and information security, across both SMEs (businesses with an annual revenue of less than £/€100m) and enterprises (businesses with an annual revenue of more than £/€100m). 150 interviews were completed in the UK (100 SMEs and 50 enterprises) and 90 interviews were conducted across Benelux (75 SMEs and 15 enterprises).

Image courtesy BSI

    Share Story:


Deborah Ritchie speaks to Chief Inspector Tracy Mortimer of the Specialist Operations Planning Unit in Greater Manchester Police's Civil Contingencies and Resilience Unit; Inspector Darren Spurgeon, AtHoc lead at Greater Manchester Police; and Chris Ullah, Solutions Expert at BlackBerry AtHoc, and himself a former Police Superintendent. For more information click here

Modelling and measuring transition and physical risks
CIR's editor, Deborah Ritchie speaks with Giorgio Baldasarri, global head of the Analytical Innovation & Development Group at S&P Global Market Intelligence; and James McMahon, CEO of The Climate Service, a S&P Global company. April 2023