Almost a third of British businesses (31 per cent) say they would end their relationship with a supplier that caused them to become the victim of cyber crime due to poor security measures.
This is the finding of a new study by Beaming and Opinium, which also revealed that nearly one in five (17 per cent) would take legal action in order to recover any financial losses they incurred as a result of a supplier’s negligence, while 20 per cent would look to leverage the incident in order to negotiate a discount.
Just three per cent of firms say they would take no action if one of their suppliers led to them becoming a victim of cyber crime.
The survey therefore illustrates a growing recognition that cyber security is not an activity confined within a business's own perimeter, but a shared responsibility.
Sonia Blizzard, managing director at Beaming, said: “We’ve seen for some time that hackers will seek to infiltrate one organisation as a stepping stone to then attack others. Businesses that neglect to take the steps necessary to protect themselves and their partners could find that a single breach could irreparably damage their hard-earned reputations and relationships.”
Indeed, some of the largest data breaches in history have come about as a result of this ‘piggybacking’ on less-secure suppliers. US retailer Target’s 2013 incident, which affected more than 40 million people and cost the company upwards of $160 million in lost business, mitigation and reparations, was traced back to credentials stolen from one of the firm’s third-party vendors.
Beaming’s research revealed small businesses are particularly at risk of damaging their reputation and relationships through poor cyber security. For example, only half of firms with between ten and 49 employees (51 per cent) had a documented cyber security policy.
Meanwhile, just 51 per cent of businesses employing fewer than ten people were using a network perimeter firewall to stop threats from reaching their systems, and just one in three (30 per cent) had intrusion detection systems to spot malicious activities or cyber security policy violations.
“For businesses, the consideration of risk must extend beyond their own boundaries to incorporate customers, partners and other organisations they come into contact with,” Ms Blizzard said. “Rather than simply guarding what’s ours, we need a cyber security culture that means we all look out for those we do business with too.”