Almost three quarters of procurement professionals believe small suppliers should be doing more to prevent cyber attacks.
A poll of 175 buyers carried out by KPMG found 70 per cent of those polled said small firms should be doing more to secure client data.
The survey also found 86 per cent said they would ditch a vendor who had been hacked, and 94 per cent said cyber security standards were “important” when awarding contracts. Some two-thirds ask suppliers to demonstrate credentials such as ISO27001, the UK government’s Cyber Essentials scheme or IASME certification. And 41 per cent of buyers expect their suppliers to pay for their own accreditation if they don’t have any.
George Quigley, partner in KPMG’s cyber security practice, said: “Larger companies are placing an increased emphasis on the cyber security of their suppliers and increasingly the onus is on SMEs to show that they are tackling this issue head on.”
“Unfortunately many SMEs still take a blasé approach towards cyber security and mistakenly don’t see themselves as targets of cyber criminals. Unless these organisations take a more mature approach towards cyber security now, they face the risk of being frozen out of lucrative supplier contracts.”
Quigley added it would be increasingly important as demonstrating cyber maturity becomes the norm in both the public and private sectors.
The findings are in contrast to a separate survey published last week which found a fifth of organisations would be prepared to use vendors that do not meet their cyber security standards.
Telecoms provider TalkTalk has revealed in its latest financial results that the cyber attack that affected it in October cost the company between £30 million and £35 million.