The APAC findings of a cyber defense platform’s third annual global survey into supply chain cyber risk management have been released.
According to the findings, 98% of APAC survey respondents have been negatively impacted by a cyber security incident in their supply chain.
External vendors and suppliers who have access that might be compromised make up digital supply chains.
2100 chief technology officers (CTOs), chief security officers (CSOs), chief operating officers (COOs), chief information officers (CIOs), chief information security officers (CISOs), and chief procurement officers (CPOs), with 600 respondents across APAC from Australia, Singapore, and the Philippines, in organizations with more than 1,000 employees, participated in the study, which an independent research organization conducted. It included 11 countries from North America, Europe, and Asia Pacific.
Risks to the supply chain are increasing, and they are less visible.
Some significant APAC survey results included:
In their supply chain, between two and five cybersecurity breaches were reported by 52% of APAC companies. Just 38% of respondents from APAC, however, ranked supply chain risk as a top priority. Compared to a 36% global average, this is more favorable. Yet, with 37% of respondents from APAC admitting that cyber risk was not on their radar, it is unlikely that they were aware of all the risks in their supply chain. In contrast, the global average is 38%.
The most frequent response (28%) among APAC respondents when asked how often they reassess third-party or supplier cyber security risk was quarterly. Over a third (32%) of respondents from APAC reported doing so less frequently than six times per year. Just 3% of people claim to be either daily or real-time monitors.
Automation is essential for efficient risk monitoring; however, APAC used vendor risk management programs less frequently than the rest of the world (37% vs. 41% on average globally).
Compared to the global average of 40%, 39% of respondents from APAC indicated they had no method of knowing if a third-party provider poses a security risk. It remains a good reminder of the difficult problems that APAC companies must overcome to manage supply chain risk.
According to the cyber defense platform, visibility into supply chain cyber security risk is still challenging in Asia. IT leaders are still not prioritizing supply chain security despite the continued high incidence of negative impacts from cyber security breaches in the supply chain, such as the high-profile breaches seen in Australia at the end of last year.
The cyber defense platform advises businesses to emphasize more strategically tackling supply chain cyber security risk in light of the deteriorating threat landscape and increasing number of high-profile events being disclosed. The last thing any business wants in the current unstable economic environment is another disruption to their operations, unforeseen charges, or a negative impact on their brand.
Yet even while a more considerable number of businesses claim that this is a top concern, a sizeable portion still needs to be more knowledgeable of the hazards in their supply chains. In today’s linked environment, depending on suppliers to minimize risks without monitoring or control leaves organizations susceptible. A danger to a supplier is a risk to your own business.
