Procurement vs. Cyber Attacks: Who Can Win in the Long Run?

By Jaime Leonard

April 11, 2018 at 7:52 AM

Procurement organizations need to call on their suppliers to increase IT security to mitigate risks against cyber threats. Working with suppliers that take IT security into heavy consideration will be critical for companies to avoid major cyber threats or data breaches.  Bloomberg reported that from 2015 to 2016, data breaches increased by 40%.  This has caused many companies to start investing more within the IT security space.  Companies have increased their cyber security budgets by 18% (Gartner) to ensure they have the proper level of funds allocated to this effort.

It is imperative that Procurement actively evaluates the IT security procedures of new suppliers as well as current suppliers. During the strategic sourcing process, many Procurement functions will assess the new supplier’s IT security procedures; however, they will fail to consistently and periodically evaluate the supplier’s systems once a contract is in place. Procurement must work with its Supplier Management team to create scorecards that will actively monitor any potential supplier risks.

Procurement should focus on finding suppliers who have dedicated IT Security Teams in place that not only maintain procedures, but are also thriving innovators.  With constant changes in the IT landscape these days, many companies fail to keep up with best-in-class systems and trends.  They simply act as “maintainers” of their systems and fail to develop new, dynamic approaches. 

An example of this is the recent trend of moving to the Cloud. IT organizations have traditionally worked with internal data centers, while moving to the Cloud introduces completely new methodologies and risks. Moving data to servers that are not yours means any mistakes within the Cloud could be very public.

Many Amazon Web Services (AWS) users have learned this the hard way. Some users have unknowingly, yet negligently, leaked sensitive data publicly. Even though AWS provides its customers with abundant training and resources, it ultimately comes down to customers fully understanding what they can do (knowingly or not).

When evaluating suppliers, Procurement should look beyond certifications such as ISO 27001 and 27002. Evaluating these certifications is still important. However, Procurement cannot stop at these institutionalized and segmented certifications, which often fail to account for the constant changes in the IT landscape.

At the end of the day, cyberattacks are not a dying breed. Organizations need to come to terms with the fact that these threats will only increase, along with their severity. The best strategy is to allocate the proper resources, plans, and funds to mitigate as much risk as possible. Procurement has a key role in mitigating these risks by working with its supply base on a consistent basis.

Tags: ransomware Cyber threats Procurement cyber attacks IT security
Category: Blog Post

Jaime Leonard


Jaime Leonard is a Senior Associate with GEP. He has over seven years of Procurement and Supply Chain experience and is part of the global consulting team based in Atlanta, GA.  Jaime has worked with many Fortune 500 and 200 companies, providing expertise in various Procurement and Supply Chain strategies to promote cost-saving initiatives and more efficient processes in the Insurance, Financial Services, Automotive, Aerospace, Medical Device, Pulp and Paper, and Consumer Products Industry.
