Select Page

Enterprise IT leaders demanding more stringent cyber security from suppliers

cybsafe logo background


Press releases 07/31/2017

Inaugural CybSafe Supplier Cyber Security Study reveals SME must increasingly prove cyber credentials to win contracts

  • 1 in 3 SMEs have had their cyber security precautions questioned as part of winning contracts in the last year
  • 50 percent of SMEs have had cyber security clauses added to new contracts in the last five years
  • However, 1 in 7 organisations have no cyber security controls at all, although 69 percent of organisations have cyber security training in place

CybSafe, London, 31st July 2017: CybSafe, the behavioural science based cyber security e-learning platform, today revealed that enterprise level organisations are increasingly assessing cyber security during supplier contract negotiations. The GCHQ-accredited software platform, based in renowned Canary Wharf connected community Level39, conducted a survey of SME decision-makers to assess how their enterprise customers approach cyber security during the tender and RFP process. The study revealed that 1 in 3 SMEs selling to enterprise required cyber security precautions as part of the RFP process to win new contracts in the last year and 50 percent had cyber security conditions included in new contracts with enterprise customers.

In addition, 44 percent of respondents had been required to have a recognised cyber security standard, such as ISO 27001, by their enterprise customers, 28 percent in the last year alone, demonstrating a clear trend in enterprise approach to supplier information security. The threat of Information Commissioner’s Office (ICO) sanctions, looming GDPR and reputational damage from a data breach mean enterprise organisations are increasingly looking at the security of their entire IT estate, including third party suppliers.

Worryingly for business and IT leaders, the inaugural CybSafe Supplier Cyber Security Study also revealed that 1 in 7 SMEs selling to enterprise had no cyber security protocols in place at all. This further highlights cyber security vulnerabilities in the supply chain as cyber criminals increasingly target suppliers due to the perceived lack of stringent information security protocols in SMEs.

Oz Alashe, CEO and founder, CybSafe said; “The CybSafe Supplier Cyber Security study shows the extent to which enterprise focus on securing the supply chain has increased in recent years, in light of increased sanctions for data loss and high-profile data breaches. This represents a unique opportunity for enterprise to affect cyber security change on a much greater scale. By insisting on a greater focus on cyber security from their SME suppliers, these businesses can play an influential role in reducing overall cyber risk and increasing mass awareness of cyber security throughout the business community, from supplier to enterprise. This can only be a positive impact on the progression of cyber risk awareness in society as a whole. The more enterprise sees cyber security as a value-add, the more SMEs will change online practices to become that trusted vendor.”

The annual CybSafe Supplier Cyber Security Study aims to track trends in enterprise approach to cyber security among suppliers, providing a definitive check- up on the state of supply chain information security. Other findings from the study include:

  • Over 2 in 5 (43 percent) of organisations have cyber insurance to protect against data breaches
  • Less than half of organisations surveyed had begun taking data protection steps ahead of GDPR implementation
  • More than 2 in 5 respondents would inform all customers immediately following a data breach
  • 54 percent of the SMEs decision makers surveyed had been asked about employee cyber security training by enterprise customers

Oz Alashe, added; “High profile data breaches such as Target, where hackers gained access to the retailer through its air conditioning supplier, have brought supply chain cyber security to the forefront and this has clearly struck a chord with enterprise leaders. Organisations are realising that it’s no longer enough to ensure their own network is secure, but they must now also pay closer attention to securing the supply chain. This is a trend we will see increase in the coming years. No business is an island, and so large organisations will only work with trusted vendors in the future. The SMEs that adapt their information security practices to the new landscape and demonstrate their cyber credentials will be the most successful in the future.

Using intelligent software and proprietary analytics, CybSafe’s cloud-based platform learns an individual’s knowledge level and their behaviour patterns to deliver a personalised e-learning programme. Delivered through a mobile app or online the platform will save businesses money, not just by reducing their risk of becoming victim to a security breach, but also by delivering meaningful training that constantly evolves based on current threats and potential reductions in cyber insurance premiums.


The research was conducted by Censuswide on behalf of CybSafe. It was a survey of 250 IT decision-makers within SMEs that sell to enterprise.

About CybSafe

CybSafe is a leading provider of cyber security awareness training that focuses on better protecting people from cyber threats, both at work and at home. It uses a cloud-based platform grounded in psychology and behavioural science which has been built to address the ‘human factor’ of cyber security.

CybSafe’s intelligent software harnesses collective lessons across the cyber-security community in a low cost per-user subscription to help businesses of all sizes improve cyber security behaviour and reduce cyber risk both internally and within its supply chain. The GCHQ-accredited software helps business to mitigate cyber risk with greater certainty, greater impact, and more cost effectively.

In 2017 CybSafe was admitted into Level39, the prestigious connected community based in Canary Wharf.

CybSafe press contacts

Elvis Moyo

+44 (0)208 819 3170