Brian Alster, head of third-party risk and compliance solutions with Dun & Bradstreet, outlines the steps that procurement organizations should be taking to guard against a growing number of potentially devastating cyber attacks.
Alster has one word to describe the state of cyber threats to supply chains today: “increasing.” That means greater frequency, severity and costs associated with each attack. He cites a recent survey in which 53% of respondents experiencing a breach said it came through a third party. And the average cost of those events was $8 million per incident.
Every part of a business is vulnerable today, Alster says. Attacks are occurring at multiple levels of the organization. Making matters worse is the impact of the coronavirus pandemic, which has resulted in greater numbers of employees working remotely, adding to the number of entry points for prospective thieves. In addition, the need for companies to rapidly secure alternative sources of supply has caused many to relax their procedures for onboarding new partners. “Cyber risk has been quick to be put to the side,” Alster says.
Companies need to engage in detailed risk assessments, ensuring security both within the organization and among a slew of vendors, suppliers and other types of third parties. When it comes to ensuring that external parties comply with cybersecurity requirements, Alster urges businesses to treat the matter as a top priority. They should create risk thresholds, in order to understand exactly what constitutes an acceptable level of risk when dealing with third parties. They should keep tight control over their data, with strict measures to prevent access by unauthorized parties. And they should monitor compliance with security protocols on a continuous basis. “It’s not good enough to do a basic assessment, then put the document in the drawer,” says Alster.