Cybersecurity: Growing Supply Chain Security Risks


The KPMG Global CEO Survey, published by KPMG, shows that business executives see cybersecurity as “no longer a sprint, but a long-distance race to catch up with increasingly sophisticated cybercriminals.”
But with the unstoppable pace of digital transformation (DX) and the corresponding complexity of third-party security, today's "marathoner" must increase both endurance and speed.

Cybersecurity: Digital supply chains are reality, not science fiction

By leveraging third-party suppliers and technology partners, and implementing cloud-based solutions and artificial intelligence-powered design, production, support and service processes, companies are enabling greater innovation, speed and efficiency.
The digitization of supply chains has been under way for at least a decade, but the push for greater speed, visibility and flexibility during COVID-19 has unmistakably accelerated it. In fact, respondents to the KPMG Global CEO Survey have expressed ambitious plans for the next three years. About half of respondents plan to partner with third-party cloud technology and data providers, or collaborate with innovative start-ups, and 70% of respondents said that a strong new partnership is essential.

Such rapid innovation is often implemented prematurely. In other words, companies make significant investments to outsource, coordinate and automate their supply chains, but may not have gone through the necessary due diligence to identify and mitigate the new risks of this coordination.
It is also true that they often do not take steps to update their third-party risk controls to address these cyber risks. Nor do they make complementary security investments to enable early warning capabilities across the supply chain.
Given the rapid digitization of supply chains, this gap is understandable. KPMG estimates that the average Fortune 500 company has at least 10,000 vendor relationships, and many internal security and risk management functions are struggling to keep up with the speed of DX.

In particular, 58% of respondents to the KPMG Global CEO Survey answered that they were "very well prepared" or "well prepared" for future cyberattacks. One may wonder whether today's business leaders are fully aware of supply chain risks. They have probably not thought about the supply chain connections that have been added in recent years.

Cybersecurity: Understand the risks hidden in your supply chain

Fortunately, the KPMG Global CEO Survey shows why business leaders are getting to grips with supply chain challenges. Let me give you an example.

When asked about the main steps they plan to take to build their “digital resilience” over the next three years, 48% said they would focus on “security and resilience of their supply chain/supplier ecosystem.” 40% will invest in developing a secure and resilient cloud-based technology infrastructure. In addition, 79% said that “protecting the partner ecosystem and supply chain is just as important as building cyber defenses for their organization.”
These are positive indicators that companies are ready to invest in the necessary “catch-up” to secure their supply chains. The motive matters little, whether it is a reaction to news of a disturbing cyberattack, a cyberbreach the company itself has suffered, or a wish to avoid tougher demands from regulators in the future.

Cybersecurity: What is the “new marathon” for protecting the supply chain?

Running a continuous marathon at a faster pace to protect your company's digital supply chain may seem daunting, but remember that the challenge can be broken down into key steps.

Cybersecurity: Recognition and acceptance
Most companies have already recognized and accepted this challenge, to a degree that depends on their digital maturity in their field. According to KPMG research, executives are ready to act and are beginning to abandon the old mindset of turning their business into an impregnable fortress.

Cybersecurity: Understanding the Scope
The next step is to understand the size and scope of your supply chain. Specifically, this means analyzing who the vendors are, how they are connected, and what dependencies they create. Most large companies have robust third-party risk programs and policies that identify at least these relationships and have processes in place to conduct supplier risk assessments. However, these assessment processes may need to be updated to reflect the reality of digitally connected supply chains.

Cybersecurity: Conducting a Risk Assessment
A comprehensive risk assessment allows management to set budgets for security system functionality upfront at the start of technology and supply chain projects, rather than after the fact. It can also secure critical senior “buy-in” to fund mitigation measures for existing systems.

Cybersecurity: Dive deep into the data
Often, the impediment to accurate risk analysis is the absence of clear, consumable data. The data is scattered: contracts and risk assessment forms are not standardized and are uploaded to incompatible systems. This has to be sorted out.
With a single view of the supply chain and its underlying data, an organization can rank risks and determine the most appropriate course of action for the envisioned future. It can then begin building critical cybersecurity and risk management infrastructures that reflect its desired future state.

Cybersecurity: Continuous monitoring
The key for business leaders is that these actions should be part of an ongoing, long-term marathon effort. This mindset is beginning to take hold as KPMG introduces clients to KPMG's unique continuous assessment and monitoring platform. The platform automates and continuously organizes third-party risks to meet the evolving corporate landscape of supplier relationships, digital connectivity, and evolving cyber risks.
In fact, with 34% of respondents to the KPMG Global CEO Survey saying they plan to implement automation to streamline and optimize security and technology risk management, such a solution is of interest.

Companies that embed cyber defenses at each stage of the marathon route must build a deeply ingrained cybersecurity culture. There is a common mantra that "security is everyone's job" and security is built into the design of products and services. In parallel, comprehensive leadership is needed so that the entire supply chain can be seen. Notably, major companies are already appointing “supply chain CISOs” to enable such holistic oversight.

Cybersecurity: Preparing for the Cyber Marathon
With the irreversible digitization of supply chains and evolving cyberthreats, slow steady runs are not enough. All organizations need to rethink their race strategies in light of reality. Fortunately, according to the findings of the KPMG Global CEO Survey, today's business leaders seem ready to embrace the vision of cyber resiliency and accelerate the pace for the long road ahead.