Supplier Cybersecurity and the Supply Chain

DPA Insights

By Patricia J. Richards, senior consultant, Daniel Penn Associates LLC

I don’t know about you, but I spend an increasing percentage of my professional and business time pondering the threats and remedies of cybersecurity.

Tom Clancy and Mark Greaney, authors of Threat Vector, amplify our concerns about cyber-attacks from China. James Lyne, a cybersecurity specialist and Director of Technology Strategy at Sophos, recently took the TED2013 stage to demonstrate the newest and nastiest creations that cybercriminals have designed to steal data, make off with billions of dollars, watch people through their webcams and target power and utility companies.

Cybersecurity and cybersecurity standards are clear priorities for our government. Few dispute President Obama’s declaration that the cyber threat is one of the most serious economic and national security challenges we face as a nation.*

Businesses of all sizes have rushed to adopt the latest technologies to gain efficiencies and optimize operations. However, cybersecurity incidents are on the rise, and small businesses are almost as likely to have their systems breached as larger corporations.** Without a corresponding assessment of the security risks that new technologies may pose, all businesses are in jeopardy.

For private sector businesses whose security standards have been more reactive than preventative, the potential for disruption could be catastrophic. Attention must be given to the role that cybersecurity plays in contracts between corporations and their suppliers. As with any system-wide infrastructure adoption, the corporation must take special steps to share its cyber strategies with potential and current diverse suppliers so that each link in the supply chain is secure as well.

One of the most compelling reasons that corporations implement supplier diversity and inclusive strategies is that these strategies help mitigate business risks by creating a more flexible and robust supply chain. This increases competitiveness by attracting and developing smaller suppliers who can think innovatively and move quickly, thus driving costs out of the system.

Maintaining a strong supply channel and channel operators takes an investment on the part of corporate decision-makers and diverse suppliers. For example, by maintaining regular communication with suppliers and sharing cybersecurity strategies as they evolve, corporations can reinforce the reliability of their supply chain and provide the extra dimension of sustainability for supply chain partners.

Just as truly committed corporations have taken the lead in counseling diverse, small businesses on other key aspects of business management, financial viability and business structure, cybersecurity knowledge transfer and practices are essential spokes in the wheel of growth for these diverse businesses.

These action steps can help corporations enhance cybersecurity within their industries and organizations:

  • Discuss – The private sector should raise the urgency of dialog on cybersecurity at the national business level, highlighting dangers, proposing strategies and offering solutions
  • Educate – Regional and national business organizations can alert and prepare diverse businesses (minority, women, GLBT, disability and service-disabled veterans) to address cybersecurity issues in their businesses and with their customers
  • Assess – Corporations should assess suppliers’ cybersecurity capabilities as part of the normal RFX process and have in place a protocol to educate and assist diverse businesses
  • Adopt – Large corporations and diverse suppliers should review the safety of their systems, reallocate resources to improve those systems and adopt a plan to minimize the impact of cyber threats

Patricia Richards is a senior consultant at Daniel Penn Associates. With more than 25 years’ experience in supplier diversity and supply chain integration, she fosters engagement at all levels of clients’ organizations to build coalitions with suppliers and community organizations.

* Cybersecurity, National Security Council

** Protect Your Small Business Against Cyber Attacks, May 10, 2010

Additional recommended reading materials:
Cyber-Security Measures: Confidence in Them Lacking Among Execs by Nathan Eddy, 07/29/2013

Global BSI and business continuity study reveals firms’ fears about cyber-attacks

Cyber Security Policy Guidebook, Jennifer L. Bayuk, Jason Healey, Paul Rohmeyer and Marcus Sachs, Published by John Wiley and Sons, Hoboken, NJ. Copyright 2012, John Wiley and Sons, all rights reserved.
