NEW YORK, Sept. 19, 2023 /PRNewswire/ — Of over 1,000 C-suite and other executives, almost half (44.9%) expect an increase in the number and size of cyber events targeting their organizations’ supply chains in the year ahead, according to a new Deloitte poll. The expected increase seems to indicate higher go-forward concerns, as just 33.8% of respondents say their organizations experienced one or more supply chain cybersecurity events during the past year.
“While negative cyber events—like any business disruption—can be the most powerful catalyst for improvement, we see leading organizations working to build more proactive capabilities to detect and mitigate potential cyber threats in their supply chains,” said Sharon Chand, a Deloitte Risk & Financial Advisory principal and cyber risk secure supply chain leader, Deloitte & Touche LLP. “It’s not a simple feat but aiming to achieve greater supply chain visibility and third-party cyber risk management can help bolster and speed organizations’ post-incident recovery and resilience.”
Part of improved supply chain visibility can include third-party risk assessments. While nearly half of respondents’ organizations conduct third-party risk assessments prior to new vendor engagement (46.5%), just 29.1% of that group also repeat those assessments at least annually. Unfortunately, 20.9% of respondents say their organizations do not conduct third-party risk assessments to support broader supply chain security.
Chand continued, “Third-party risk assessments can range from conducting surveys of those entities’ practices to requesting software bills of materials (SBOMs) for components of larger products. But in order to ask such things of your third parties, you need to have the infrastructure in place to process their inputs. Building such capabilities can help organizations protect their supply chains and defend against future security threats.”
About the online poll
Over 1,020 C-suite and other executives were polled during a recent webcast, titled “Supply chain security: Building resiliency and mitigating risks,” on June 20, 2023. Answer rates differed by question.
About Deloitte
Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world’s most admired brands, including nearly 90% of the Fortune 500® and more than 8,500 U.S.-based private companies. At Deloitte, we strive to live our purpose of making an impact that matters by creating trust and confidence in a more equitable society. We leverage our unique blend of business acumen, command of technology, and strategic technology alliances to advise our clients across industries as they build their future. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. Bringing more than 175 years of service, our network of member firms spans more than 150 countries and territories. Learn how Deloitte’s approximately 457,000 people worldwide connect for impact at www.deloitte.com.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.
SOURCE Deloitte