Cyber Security: What Procurement Professionals Need to Know in 2019

Cyber-attacks are the fastest growing crime in the United States and as procurement trends shift to digitally enabled supply chains, the organizational supply chain becomes more vulnerable. This puts sourcing and purchase data like supplier contracts and financial details at risk. In fact, CAPS research stated that in 2017, 60% of reported attacks on publicly traded U.S. firms were launched through the IT systems of suppliers or other third parties. In response to the growing cyber security threat, procurement teams must protect sensitive information belonging to their own organization and their customers. 

Costs of a Cyber-Attack

The cost of a successful cyber-attack to a company is over $5 million. In fact, by 2021 damage related to cyber-attacks is projected to hit $6 trillion annually. These costs include direct damage and even post-attack damage, such as loss of customers and reputation. No matter how you look at it, cyber-attacks are costly to a business, and they are not going anywhere.

Here are a couple examples of organizations that suffered after a third party experienced a data breach.

• The 2014 attack on Target caused an estimated $162 million in damages. This was due to a small HVAC company, Fazio. Hackers broke through Fazio’s firewall and stole Fazio’s credentials to break into Target’s system. 
• [24]7.ai, a vendor that provides customer support to clients via online chats, was breached affecting customers of Sears, Delta, and Best Buy. 
• In 2015 about 1,025 Wendy’s locations were hit by a credit card breach. Wendy’s placed blame on an unnamed third-party that serves Wendy’s locations. 
• The major credit bureau, Experian, suffered a major data breach in 2015. The hackers got access to the personal information of 15 million people who recently signed up for T-Mobile's service. 

Preventing a Data Breach

1. Stay up to date: Implement cyber security solutions that offer up-to-date security measures and mechanisms. This can also include staying up to date on news of cyber threats to other companies. 
2. Collaborate with the IT team: A procurement team should collaborate with the IT department to monitor systems and update internal policies. Additionally, holding company-wide cyber security meetings allows everyone in the organization to review the company’s policies and any recent cyber security threats. Holding these meetings can help prevent and manage cyber-attacks if one occurs. 
3. Develop a disaster recovery strategy: If all else fails and your system has been hacked, it is important to already have a plan in place to limit the negative effects of the data breach. 

As a procurement professional it is your responsibility to protect the financial data of your customers. Not only have customers trusted you with sensitive information, if a data breach did occur, your company losses all credibility. Keep this in mind as procurement becomes more technological dependent and cyber security continues to increase in risk.

The cybersecurity skills gap is one of the many trending topics addressed in Source One's latest whitepaper. Download Procurement in 2019 today to learn more.