Almost a fifth of organisations are prepared to use IT suppliers that do not meet their security standards, according to a poll.
Some 17 per cent of respondents said they do not require an audit, with just under two-thirds, 63 per cent, saying they would not use a vendor that did not meet the required standard. The remaining 20 per cent said they are planning an audit process.
The poll of 160 IT professionals, carried out at the IP Expo Europe event by cyber security firm Tripwire, also found 53 per cent of firms require their vendors to pass security audits before working with them. Almost a quarter, 24 per cent, do not, and a further 23 per cent are planning to introduce vetting.
Dwayne Melancon, chief technology officer at Tripwire, said: “In the context of supply chains, security risk becomes a communicable disease. As customers become aware of this fact, they will insist that supply chain owners and participants are designing and operating with security in mind. Customers will only trust supply chain security if we can prove that foundational security controls are in place and effective.”
While the majority of organisations check contracts with suppliers to make sure they are up to scratch when it comes to security, 67 per cent of firms said they did not, and 22 per cent of respondents recognised they should, but said they did not have the resources.
Brand damage was highlighted by 62 per cent as the worst impact of a potential cyber breach. This was followed by reduced customer confidence (63 per cent), regulatory fines (46 per cent), loss of contracts (also 46 per cent), and a lower share price (21 per cent).
This week, telecoms provider TalkTalk revealed it had suffered a cyber attack. The company said sensitive financial information was not accessed, although contact details and account information may have been. The police are currently investigating the security breach.