ESG Cyber Policies & Supply Chain Security

FEATURES/ ESG/ CYBER POLICIES

Cyber Policies Module

Monitoring cyber risk of suppliers is of paramount importance in today's interconnected and digital business landscape. Suppliers often have access to sensitive information, critical data, and interconnected systems within the company's supply chain, making them potential entry points for cyber threats.‍

By evaluating the cyber policies and practices of suppliers, companies can gauge their cybersecurity maturity, identify potential vulnerabilities, and assess the risk they may pose to the company's data and operations. FRDM’s Cyber Module predicts and measures risk across suppliers and sub-suppliers in your organization.

According to a study by the Ponemon Institute, 59% of companies experienced a data breach caused by a third-party vendor or supplier in 2021. This statistic highlights the significant risk that cyber breaches in suppliers pose to companies and underscores the importance of assessing and managing cyber risks throughout the supply chain. Companies need to be vigilant in evaluating the cybersecurity practices of their suppliers to protect their sensitive data and maintain the integrity of their operations. Understanding the cybersecurity posture of suppliers allows companies to take proactive measures to strengthen their overall cyber resilience.

Collaborating with suppliers to align cybersecurity standards, sharing best practices, and implementing necessary improvements can help create a robust and secure supply chain ecosystem.

Download Module Guide

42%

Growth of cyber threats in supply chains over the past year.

(Accenture Cyber Threat Intelligence Report, 2021)

40%

The percentage of companies experiencing a cybersecurity breach through a third-party vendor

(Deloitte, 2020)

287 days

Companies experienced an average downtime of 287 days following a supply chain data breach, resulting in substantial financial and reputational losses. (The IBM Cost of a Data Breach Report, 2021)

(The IBM Cost of a Data Breach Report, 2021)

68%

Percentage of assesed suppliers with inadequate cybersecurity practices, posing significant risks to their customers' supply chains.

(BitSight, 2021)

Primary Challenges Facing Companies.

Lack of Supply Chain Visibility
‍Many companies have limited visibility into the cybersecurity practices of their suppliers.Third-Party Dependencies: Companies often depend on numerous suppliers and third-party vendors, increasing the risk of cyber breaches through the supply chain.

‍Cybersecurity Maturity Variability
‍Suppliers may have varying levels of cybersecurity maturity, with some
lacking adequate security measures.

‍Regulatory Compliance and Legal Concerns
‍Companies may face legal and regulatory repercussions if a cyber breach occurs through their supply chain, especially if personal or sensitive data is compromised.

Difficulty in Enforcing Cybersecurity Standards
‍Companies may struggle to enforce cybersecurity standards and best practices among their suppliers.
‍
Insider Threats
‍Cybersecurity incidents can also be caused by insider threats, where malicious or negligent actions from employees or contractors within the supply chain lead to data breaches.

‍Emerging Threats and Sophisticated Attacks
‍Cyber attackers constantly evolve their tactics, making it challenging for companies and their suppliers to keep up with emerging threats and protect against sophisticated attacks.

‍Resource Constraints
‍Many suppliers, especially smaller ones, may lack the resources or expertise to implement robust cybersecurity measures, leaving them vulnerable to cyber breaches.

‍Supply Chain Complexity
‍Global supply chains can be complex, with multiple tiers of suppliers and cross-border operations.

‍Lack of Incident Response Preparedness
‍Companies may not have adequate incident response plans in place to handle cyber breaches that occur through their supply chain.

How It Works

FRDM risk ranks each supplier across five spectrums (weak to strong) in regards to cyber risk based on industry, geo, adverse media/reports, and cyber policy evaluation.

‍FRDM uses only your basic available vendor data (supplier name, industry, location, spend, and purchase) so you don’t have to overburden your team and suppliers with difficult data requests. FRDM runs constant adverse media checks for any mentions of cyber issues or reports against supplier names. Suppliers are offered a free portal called supplier link providing the supplier with resources and assessments to determine cyber policy maturity. Any cyber certifications can be collected through the portal, and nested in the buyer's dashboard.