Procurement vs. Cyber Attacks: Who Can Win in the Long Run?

By Jaime Leonard

April 11, 2018 at 7:52 AM

Procurement organizations need to call on their suppliers to increase IT security to mitigate risks against cyber threats. Working with suppliers that take IT security into heavy consideration will be critical for companies to avoid major cyber threats or data breaches.  Bloomberg reported that from 2015 to 2016, data breaches increased by 40%.  This has caused many companies to start investing more within the IT security space.  Companies have increased their cyber security budgets by 18% (Gartner) to ensure they have the proper level of funds allocated to this effort.

It is imperative that Procurement actively evaluates the IT security procedures of new suppliers as well as current suppliers. During the strategic sourcing process, many Procurement functions will assess the new supplier’s IT security procedures; however, they will fail to consistently and periodically evaluate the supplier’s systems once a contract is in place. Procurement must work with its Supplier Management team to create scorecards that will actively monitor any potential supplier risks.

Procurement should focus on finding suppliers who have dedicated IT Security Teams in place that not only maintain procedures, but are also thriving innovators.  With constant changes in the IT landscape these days, many companies fail to keep up with best-in-class systems and trends.  They simply act as “maintainers” of their systems and fail to develop new, dynamic approaches. 

An example of this is seen in the recent trend of moving to the Cloud. IT organizations have traditionally worked with internal data centers, while moving to the Cloud introduces completely new methodologies and risks. Moving data to servers that are not yours means any mistakes within the Cloud could be very public.

Many Amazon Web Services (AWS) users have learned this the hard way.  Some users have unknowingly, yet negligently, leaked sensitive data publicly.  Even though AWS provides its customers an abundant amount of training and resources, it comes down to the customers needing to fully understand what they can do (knowingly or not).

When evaluating suppliers, Procurement should look beyond certifications like ISO 27001 and 27002. Evaluating these certifications is still important. However, Procurement cannot stop at these institutionalized and segmented certifications, which often fail to take into account the constant changes in the IT landscape.

At the end of the day, cyberattacks are not a dying breed. Organizations need to come to terms with the fact that these threats will only increase, along with their severity. The best strategy is to allocate the proper resources, plans, and funds to mitigate as much risk as possible. Procurement has a key role in mitigating these risks by working with its supply base on a consistent basis.

Tags: ransomware Cyber threats Procurement cyber attacks IT security
Category: Blog Post

Jaime Leonard


Jaime Leonard is a Senior Associate with GEP. He has over seven years of Procurement and Supply Chain experience and is part of the global consulting team based in Atlanta, GA.  Jaime has worked with many Fortune 500 and 200 companies, providing expertise in various Procurement and Supply Chain strategies to promote cost-saving initiatives and more efficient processes in the Insurance, Financial Services, Automotive, Aerospace, Medical Device, Pulp and Paper, and Consumer Products Industry.
