If you’re in someone’s supply chain (and, since you’re a business, I take that as read), then your customers expect you to be cyber secure.
If you’re not, it looks like you’re in trouble.
A survey released by Opinium shows that 31% of UK businesses would terminate a contract with a supplier whose negligence led to them suffering a cyber breach, with 17% saying they would take legal action to recover any losses occasioned by the breach. 35% of organisations said they would not work with a supplier who they thought might make them vulnerable, while 27% wouldn’t use a company that had been publicly associated with a major cyber breach.
So there you have it: the impacts of a major data breach are possible fines of up to 4% of global turnover, possible class-action lawsuits, and nearly a third of your customers deserting you.
What can you do about it? Well, apart from being seriously breach ready, the survey offers a clue: 25% of companies said they would not work with a supplier that didn’t have ISO 27001 or Cyber Essentials certification. As I look a couple of years down the track, I see those certifications – together with BS 10012 – becoming very standard, mainstream requirements that surpass ISO 9001 in supply chain importance.