Supply-Chain and Third-Party Risks

The strength of an organization’s cybersecurity can be completely undermined by the weakest link in its supply chain. At stake may be the company’s profitability, reputation, and credibility.

Recent research highlights a 300 percent increase in supply chain cyberattacks in 2021 compared to 2020 levels. For instance, attackers in the high-profile 2021 SolarWinds breach made use of these tactics to target many SolarWinds customers, dozens of them in the Fortune 500. In an increasingly interconnected digital ecosystem, boards and cybersecurity leaders must prioritize addressing these risks to achieve true resilience.

Successfully competing in the digital age may require using a long and global supply chain, including the use of third-party technologies and software. While this business practice may generate strong economic advantages, these benefits need to be balanced with recognizing and overseeing potential security risks. A 2019 conference for directors on cybersecurity concluded that one of its key takeaways was that directors must “[r]emain familiar with the company’s processes to identify, assess, and manage third-party and supply chain risks.”

This tool details questions that directors should be asking management to ensure adequate security measures are in place to address supply chain risks.