Greater Manchester has the highest rates of cybercrime in the country and a third of firms are putting themselves at serious risk of cyber-crime by not having a security policy in place for suppliers.
According to recent research by cyber security company Risk Ledger, attacks targeting smaller companies in order to open the door to larger customers is a growing trend, making a lack of visibility over smaller suppliers’ security arrangements a major cyber security risk.
In a survey of 2,500 third party suppliers who are mostly based in the UK, the company found:
- 32 per cent do not have a security policy setting out expectations of their own suppliers
- 21 per cent do not conduct cyber security due diligence on their suppliers
- 23 per cent do not have formal agreements in place with their suppliers that have appropriate security clauses to enable buying companies to properly audit their supply chain
- 40 per cent do not conduct regular penetration tests of their internal systems
- 20 per cent do not use password managers, putting their own and their customer’s data at risk
- 17 per cent do not enforce multi-factor authentication on remotely accessible services.
The issue is all the more prevalent for companies in Greater Manchester, which has been found to have the highest levels of reported cyber crime per 10,000 residents of any area in England and Wales.
According to IT provider CloudTech24, Greater Manchester Police received 1,803 cyber crime reports over the last 13 months, with the hacking of personal information, social media or email accounts the most common attacks.
The National Cyber Security Centre (NCSC) has recently launched two new flagship services designed to help small businesses find and fix cyber security issues. The NCSC also provides a series of guiding principles for establishing effective cyber security oversight of supply chains.
Our specialist Manufacturing Advisors can provide tailored support to help you identify cyber security threats and improve your processes. Get in touch today for a one-to-one diagnostic.