Large enterprises are beginning to scrutinise the cyber security of their suppliers.
As part of our Inaugural CybSafe Supplier Cyber Security Study, we looked into the cyber defences enterprise customers are now demanding of SME suppliers.
1 in 3 SME suppliers said they’d needed cyber security precautions to win new contracts in the last year alone; 50% said they’d had cyber security conditions built into contracts with enterprise customers; and 66% said they’d had their controls questioned by a business customer at some point.
The findings should come as no surprise: cyber criminals have a habit of uncovering vulnerabilities in a company’s defences no matter where they lie. Just look at 2013’s most notorious cyber attack…
2013’s most notorious cyber attack
The attack in question involved more than one company, but the company hit hardest was US retailer Target.
Over a period of two weeks in November 2013, Target inadvertently fed the financial details of 40 million customers into the hands of cyber criminals.
At the time, Target was a publicly traded company with more than 1,770 stores and revenues topping $70 billion. Target had trained its people and invested in advanced technological defences to keep cyber criminals at bay.
So the attackers didn’t begin by attacking Target at all. Instead, they started their attack with Target’s air conditioning supplier.
How to defraud a retail giant
All it took to penetrate the supplier’s defences was a simple phishing email. And once the criminals had access to the supplier’s systems, they had access to Target.
The eventual cost to Target is estimated to be between US$420 million and US$1 billion. So it’s little wonder that large enterprises are increasingly enlisting suppliers that give cyber security the attention it deserves.
Enterprises demanding cyber secure suppliers
Whilst it’s true that large enterprises are beginning to focus on supply chain cyber security, it’s also true that some small suppliers are yet to introduce any cyber security training whatsoever. Even so, as time goes on, it seems clear that supply chain cyber security is only going to go one way.
SMEs taking proper cyber security precautions will win more contracts, as our new research suggests. And enterprises enlisting cyber secure suppliers will become more resilient – in turn becoming more attractive companies to do business with.
From a wider perspective, that means fewer high profile cyber attacks and fewer day to day breaches.
Cyber security and negativity often go hand in hand. For us, the new focus on supply chain cyber security is a positive and welcome break from the norm.
CybSafe is a leading provider of GCHQ-accredited cyber security awareness training that focuses on better protecting people from cyber threats, both at work and at home. It uses a cloud-based platform grounded in psychology and behavioural science which has been built to address the human aspect of cyber security.
CybSafe helps businesses of all sizes to improve cyber security behaviour, visualise human factor vulnerability and reduce cyber risk, both internally and within their supply chain.