Fewer than a third of companies (31 per cent) have clauses in contracts with their suppliers regarding cyber risk, according to a survey by the UK government.
A report, The Cyber Governance Health Check, found 14 per cent have other arrangements such as pre-contract diligence, third-party audit and third-party self-assessment.
The industrial goods and services sector was least likely to employ some sort of formal arrangement, with 29 per cent saying they had cyber risk clauses in contracts. But 41 per cent of those in the technology and communications sector said they had cyber risk clauses in contracts.
The government called on UK companies to do more to tackle cyber threats, as the survey of FTSE 350 firms also found only 14 per cent regularly address cyber crime.
The research by the Department for Business, Innovation & Skills found a quarter of 217 respondents said the company board has “a poor understanding” of where its key information or data assets are shared with third parties such as suppliers, advisors, customers and outsourcing partners.
To tackle the growing threat, the government is working with industry to develop an official ‘cyber standard,’ which will help stimulate the adoption of good cyber practices among businesses.
The Kitemark-style standard will be launched early next year, as part of the £860 million cross-government National Cyber Security Programme.
Science minister David Willetts said: “The cyber crime threat facing UK companies is increasing. Many are already taking this extremely seriously, but more still needs to be done. We are working with businesses to encourage them to make cyber security a board-level responsibility.
“The cyber standard will promote excellence in tackling cyber risks, help businesses better understand how to protect themselves, and ultimately increase the nation’s collective cyber security.”