98% of companies have already been affected by a cybersecurity incident that initially arose within a partner organization. This risk grows as operations become digitalized and the interconnection between the systems of various stakeholders is enhanced: clients, distributors, partners, tier 1 and 2 suppliers, etc.

But how can you optimally counter the multiplicity of possible risks? Within the framework of a survey of best practices in the market, the experts at Boston Consulting Group have shared an approach for prioritizing efforts:

- Start by identifying the minimal level of information required to assess your suppliers’ level of exposure to cyber risks. Then, focus your analyses on those who appear to present the greatest danger of contamination.

- Practice different cyber-attack scenarios, in partnership with a representative sample of your suppliers, in order to document with as much precision as possible your principal risks and the possible options to counter them.

- Use this analysis to identify the protective actions to be undertaken as a priority, whether internally or with key suppliers and partners.

This approach enables you to reinforce your cybersecurity in a targeted and progressive manner: a far more effective method than trying from the outset to establish a global approach to be deployed across your entire range of suppliers.

Source: Is Your Supply Chain Cyber-Secure?, Kris Winkler, Colin Troha, Ben Aylor, Nadine Moore, Boston Consulting Group, October 2023.