Small and medium-sized businesses risk losing contracts as they ignore securing valuable client data, according to a survey of procurement managers by KPMG.
Image Source: Wikipedia
Some 86% of respondents said they would consider removing an SME supplier if they were hacked and 94% said cyber security standards are important when awarding contracts to SME suppliers.
Two-thirds of procurement managers ask their suppliers to demonstrate cyber accreditations (i.e. ISO27001, Cyber Essentials, IASME certifications or PCI DDS) as a part of their procurement assessment, with this number likely to increase in the near future, results show. In addition, SMEs are increasingly being asked to self-fund their own accreditations. In the absence of accreditation, 41% of procurement managers expect their suppliers to pay for their own accreditations and reach a certain level of cyber maturity in the near future.
Companies are also imbedding cyber security in their supplier contracts, with 47% of existing contracts already obliging suppliers to tell if they have been hacked. This means that, if an SME supplier is breached and doesn’t deal with it appropriately, they could be looking at the termination of a supply contract, authors of the study say.
The multisector survey of 175 procurement managers across the UK from organizations with over 250 employees also revealed that some 70% of procurement managers think SMEs should be doing more to prevent cyber attacks and protect client data.
Small businesses’ concerns about cyber threats have shot up and the perceived risk will only grow as attacks involving all range of companies increase, according to Business Insights. Some 60% of small business owners said they are concerned enough to take extra precautions including firewalls, offsite protected servers, multi-factor authentication, encrypted emails and multiple layers of password protection. The number of small business owners concerned about cyber security increased from 56% a year ago. About 85% of respondents said they would be willing to inconvenience customers if it meant better protecting customers’ online security when using the company’s products, services or websites.