More than two-thirds of companies are willing to invest in the security of their contractors and suppliers to guarantee invulnerability to cyberattacks, while a further quarter is already doing that.
This is according to a global Kaspersky study, which signals that contractors are now considered by businesses as part of a single, interconnected security ecosystem.
Amid a surge in supply chain attacks, hitting nearly every third company and trusted relationship attacks affecting a quarter of companies globally over the past year, organisations reconsider their approaches to internal security, recognising that their own cyber risk hinges on the security posture of any contractor or partner with access to their infrastructure and systems, and are prepared to act accordingly.
According to the Kaspersky survey, 69% of all respondents are considering investing in the security of their contractors to strengthen their own cyber resilience. At the same time, 25% of businesses have already begun sharing security costs with their contractors, moving from intention to action.
“Today businesses realise that security cannot end at the boarders of their own organisation, it must extend across the entire ecosystem,” comments Sergey Soldatov, head of security operations centre at Kaspersky.
“Smaller companies often lack the security capabilities of the enterprises they serve, posing extra risks to the latter. By sharing resources and expertise, larger companies can close this gap, strengthening weak points throughout the entire dependency chain — and become a key driver of global cyber resilience.”
To reduce supply chain risks, Kaspersky recommends that companies strengthen their security through organisational measures, including rigorous and evidence-based evaluation of software providers.
By assessing vendors’ security practices, reviewing software development processes and applying structured evaluation frameworks companies can ensure that only secure, resilient products work in their internal infrastructure.