Updated: Feb 5
When companies began extensively outsourcing and globalising the supply chain in the 1980s and 1990s, they did so without understanding the risks suppliers posed. Since then, companies have implemented vendor management processes for a range of risk domains, from basic paper-based approaches to highly sophisticated software solutions and physical audits, to assess and mitigate vendor risks to the supply chain. The same is true with a cyber security focus; however, in such a complex domain these methods prove costly, inefficient, ineffective and inconsistent.
System services are increasingly provided by external providers, and organisations have no direct control over the implementation of the required controls or the assessment of control effectiveness. Organisations establish relationships with external service providers in a variety of ways, including business partnerships, contracts, interagency agreements, lines-of-business arrangements, licensing agreements, joint ventures and supply chain exchanges. The responsibility for managing risks arising from the use of external system services remains with management. For third-party-supplied services, organisations must establish and retain a certain level of confidence in each provider: trust.
As cyber threats continue to rise and the ecosystem of suppliers grows, processes for cyber security assessment of the supply chain need to mature. Cyber security events continue to be uncovered, and no organisation wants to be in the headlines. In late 2013, retailer Target experienced a significant breach involving the theft of roughly 110 million customers' data and at least 40 million payment cards. Home Depot, another large retailer, also claims that a credit card breach it experienced in 2014 was initially due to stolen credentials from a third-party vendor. The truth is that 39% of global business leaders believe supply chain partners pose a high risk to their organisation. When organisations are breached in this way, financial penalties, legal costs, loss of consumer confidence, drops in stock price and overall damage to their reputation are all too common. The average cost to an organisation of a data breach is now US$4.24 million. For the individuals involved, the average cost is the loss of their job.
Best practices in cyber security due diligence are needed, and automation and technology are needed to provide a scalable operating model that can be funded just in time.
The vision of faster due diligence information, easier compliance and consistent outcomes rests on selecting methodologies and tools to match. Given the reliance on supply chains and increasing governance and compliance requirements, the existing approach to supplier risk management is under immense pressure to change. Organisations are struggling to keep up with the demand for due diligence assessments given the volume of suppliers in the ecosystem. Something must change.
Trudexia provides a platform that systematises the assessment of supplier risk, enabling organisations to scale to meet current and future demands while at the same time delivering consistent, in-depth intelligence on suppliers. Trudexia provides access to faster due diligence information because the sharing of intelligence is open to all. Compliance is made easier with Trudexia because the platform provides ready-to-use reports and dashboards for gaining comfort over the risks. Finally, Trudexia provides consistent intelligence at the highest level, tailored to any risk profile. Together, faster due diligence information, easier compliance and consistent outcomes help organisations manage risk.