The research, which was conducted for Beaming by the consultancy Opinium, reveals that the majority of businesses leaders believe that their suppliers are obligated to ensure they do not expose them to unnecessary cyber security risks.
One in five (17%) would take legal action to recover financial losses incurred from a breach as a result of a supplier’s negligence, while a similar number (20%) would use the incident to negotiate a further discount. Just 3% of businesses said they would take no action.
Beaming’s survey also showed that victims of cyber crime could find it more difficult to attract new customers. More than a third (35%) of the leaders questioned said they wouldn’t work with a supplier they thought would make them more vulnerable to cyber crime, while a quarter (27%) said they would avoid using a company that had been publicly associated with a major cyber security breach.
A quarter (25%) of those questioned said they wouldn’t work with companies that didn’t have a documented cyber security policy in place, while one in five (19%) would avoid potential suppliers without cyber security insurance.
Small businesses are most at risk
Beaming’s research revealed that small businesses are most at risk of damaging their reputations and business relationships by neglecting their cyber security obligations. Amongst firms employing between 10 and 49 people, just half (51%) had a documented cyber security policy and a third (38%) had insurance in place for breaches and data theft at the beginning of 2018.
Meanwhile, only half (51%) of businesses employing fewer than 10 people were using a network perimeter firewall to stop threats from reaching their systems, and just one in three (30%) had intrusion detection systems to spot malicious activities or cyber security policy violations.
Sonia Blizzard, managing director of Beaming, comments: “We’ve seen for some time that hackers will seek to infiltrate one organisation as a stepping stone to then attack others. This research clearly shows that business leaders see cyber security as a shared responsibility. Businesses that neglect to take the steps necessary to protect themselves and their partners could find that a single breach could irreparably damage their hard earned reputations and relationships.”
“For businesses, the consideration of risk must extend beyond their own boundaries to incorporate customers, partners and other organisations they come into contact with. Rather than simply guarding what’s ours, we need a cyber security culture that means we all look out for those we do business with too. Just like herd immunity, if enough businesses are well secured, the ability for denial-of-service attacks, viruses and other attacks to spread will be greatly diminished.”