By Jaime Leonard
Procurement organizations need to call on their suppliers to increase IT security to mitigate risks against cyber threats. Working with suppliers that take IT security into heavy consideration will be critical for companies to avoid major cyber threats or data breaches. Bloomberg reported that from 2015 to 2016, data breaches increased by 40%. This has caused many companies to start investing more within the IT security space. Companies have increased their cyber security budgets by 18% (Gartner) to ensure they have the proper level of funds allocated to this effort.
It is imperative that Procurement actively evaluates the IT security procedures of new suppliers as well as current suppliers. During the strategic sourcing process, many Procurement functions will assess the new supplier’s IT security procedures; however, they will fail to consistently and periodically evaluate the supplier’s systems once a contract is in place. Procurement must work with its Supplier Management team to create scorecards that will actively monitor any potential supplier risks.
Procurement should focus on finding suppliers who have dedicated IT Security Teams in place that not only maintain procedures, but are also thriving innovators. With constant changes in the IT landscape these days, many companies fail to keep up with best-in-class systems and trends. They simply act as “maintainers” of their systems and fail to develop new, dynamic approaches.
An example of this is seen through the recent trending movement of going to the Cloud. IT organizations have traditionally worked with internal data centers, while moving to the Cloud introduces completely new methodologies and risk. Moving data to servers that are not yours means any mistakes within the Cloud could be very public.
Many Amazon Web Services (AWS) users have learned this the hard way. Some users have unknowingly, yet negligently, leaked sensitive data publicly. Even though AWS provides its customers an abundant amount of training and resources, it comes down to the customers needing to fully understand what they can do (knowingly or not).
When evaluating suppliers, Procurement should look beyond just their certifications like ISO 27001 and 27002. Evaluating these certifications is still important. However, Procurement cannot stop at these institutionalized and segmented certifications, which often fail to take into consideration the constant changes of reality in the IT landscape.
At the end of the day, cyberattacks are not a dying breed. Organizations need to come to terms with the fact that these threats will only increase, along with their severity. The best strategy is to allocate the proper resources, plans, and funds to mitigate as much risk as possible. Procurement has a key role in mitigating these risks by working with its supply base on a consistent basis.
Jaime Leonard is a Senior Associate with GEP. He has over seven years of Procurement and Supply Chain experience and is part of the global consulting team based in Atlanta, GA. Jaime has worked with many Fortune 500 and 200 companies, providing expertise in various Procurement and Supply Chain strategies to promote cost-saving initiatives and more efficient processes in the Insurance, Financial Services, Automotive, Aerospace, Medical Device, Pulp and Paper, and Consumer Products Industry.