A third of businesses would sack suppliers that neglected cyber security


A third (31%) of businesses would terminate contracts with suppliers whose negligence caused them to become a victim of cyber crime, according to a survey published today by Beaming, the business ISP.

The research, which was conducted for Beaming by the consultancy Opinium, reveals that the majority of business leaders believe that their suppliers are obligated to ensure they do not expose them to unnecessary cyber security risks.

One in five (17%) would take legal action to recover financial losses incurred from a breach as a result of a supplier’s negligence, while a similar number (20%) would use the incident to negotiate a further discount. Just 3% of businesses said they would take no action.

Beaming’s survey also showed that victims of cyber crime could find it more difficult to attract new customers. More than a third (35%) of the leaders questioned said they wouldn’t work with a supplier they thought would make them more vulnerable to cyber crime, while a quarter (27%) said they would avoid using a company that had been publicly associated with a major cyber security breach.

A quarter (25%) of those questioned said they wouldn’t work with companies that didn’t have a documented cyber security policy in place, while one in five (19%) would avoid potential suppliers without cyber security insurance.

Small businesses are most at risk

Beaming’s research revealed that small businesses are most at risk of damaging their reputations and business relationships by neglecting their cyber security obligations. Amongst firms employing between 10 and 49 people, just half (51%) had a documented cyber security policy and a third (38%) had insurance in place for breaches and data theft at the beginning of 2018.

Meanwhile, only half (51%) of businesses employing fewer than 10 people were using a network perimeter firewall to stop threats from reaching their systems, and just one in three (30%) had intrusion detection systems to spot malicious activities or cyber security policy violations.