How are cyber-attacks costing you in your supply chain?


Mark Keelan, Director of Compliance Practice, UST

First the pandemic and now the cyber pandemic. Our supply chain is not in good shape, and the risk of cyber-attacks through supply chains is higher than ever, the effects of which can be devastating. In fact, 50% of all supply chain disruptions in the US are caused by cyber-attacks.

Examples of supply chain issues include exorbitant container costs, fundamental construction supplies delayed by months, and four out of five new cars selling at higher than MSRP due to the lack of supply.

With all these issues, cyber-attacks can be the straw that breaks the camel’s back.

Cybersecurity and supply chain efficiency are closely intertwined. Global supply chains need to address cybersecurity and risk management and make it a top business priority. The need to fortify against the ever-increasing and damaging cyber-attacks has never been more critical. The wait times at shipping ports, increasing demands, manufacturing issues, and labor shortage, among others, have made supply chains increasingly brittle and fragile.

Global supply chains are exceptionally vulnerable to attack in their current condition. They felt the strain of pandemic-driven shopping, which nigh broke their back and continues to weigh them down almost two years down the line. As millions worldwide veered toward online shopping during the shutdown, shipping and logistics demand increased. Some industries experienced unprecedented spikes in demand, as the computer and chip shortages showed. Supply chain issues in these areas held up production for car manufacturers and others, and lately even for garage doors, leading to losses.

There is a need for more robust cybersecurity measures in supply chain management. CISA has urged all organizations to heighten their cybersecurity and protect their most critical assets. The best way to increase the cyber resiliency of your supply chain is to assess and measure your suppliers' cyber readiness and maturity. It is near impossible to improve what you have not measured.

Understanding the impact of a breach and supply chain risks

Cybersecurity is more than installing anti-virus software; it needs to be a gatekeeper for every stage of the supply chain. Organizations must be aware of everyone with access to their network or systems. Any third party they interact with throughout the supply chain, from suppliers to contracted maintenance companies, can be a risk. The security of everyone in the supplier network directly affects the organization.

The breach goes beyond companies. It is important to remember that organizations, as well as their suppliers, are responsible for end-consumer data. Last year, the European Union Agency for Cybersecurity (ENISA) reported that 66% of supply chain cyberattacks targeted and breached their security, a staggering number that has continued to grow. When payment data gets compromised, customer information, a common target for cyber attackers, is at risk as well.

With more organizations going remote, software usage has increased. This is a compelling security risk as more employees interact with the organization's data or network. In an extensive supply chain network, this risk is manifold.

Why is this critical?

The cost of supply chain disruptions is staggering. Considering that cyber-attacks cause 50% of the disruptions, it is clear the financial payback far exceeds the costs of reducing the cybersecurity risk in your supply chain. For most, if not all, companies, reducing cybersecurity risk is low-hanging fruit.

Even a small reduction in the quantity and severity of cyber-attacks can provide both immediate and ongoing savings. To quantify the cost of supply chain disruptions, consider this - the pre-pandemic cost for the US and the EU was $4 trillion annually. If 50% are the result of cyberattacks, a 20% reduction would result in a $400 billion return.

Other reasons to consider are:

How to minimize and manage cyber supply chain risk

The global supply chain problem may seem overwhelming, but it can be managed well with the right tools, platforms, and partners.

According to the National Institute of Standards and Technology (NISTIR 8276), the first step toward effective cyber-supply chain risk management (C-SCRM) is to complete a thorough risk assessment. The analysis must cover every level of the organization and assess your supply chain's cybersecurity and safety. Opting for an advanced platform that provides a measurable and actionable approach to cybersecurity, regulatory compliance, and cyber supply chain risk is the right step forward.

The next step is to reach out to your suppliers to discuss security and risk management methods, a process everyone will benefit from, and to quickly find the weakest links. They can be incorporated into a supplier community portal to make it easy to assess your supply chain risk across complex global supply chains.

Once the assessment is complete, it is time to put strong security measures in place with the help of advanced technology. An enterprise platform that provides high-quality security resources is the most effective way to improve resilience and supplier cyber readiness.

A focused approach to avoid crime-related delays, data breaches, and financial losses will help fortify defenses. Working with technology partners will help organizations do so without additional burden on current staff.

A quick overview:

To learn more about the most efficient path to minimizing cyber supply chain risk, fill out the form below to get a Free NIST Cybersecurity Maturity Assessment.