How Heads of Procurement can get on top of cyber risks

Supply chain cyber attacks are on the rise – a company is only as strong as its weakest link.

The challenges for you as a Head of Procurement include the increasing emphasis on ensuring supply chain security. Collaborating across industry and supply chains is key to success. 

The resulting questions for you as a Head of Procurement include: 

1How do we ensure our key supply chain partners do not present us with a major cyber security risk?

You should ensure oversight and control over your most critical third-party relationships, such as conducting risk assessments and due diligence where possible, whilst ensuring robust security protocols are in place around information sharing. Identifying the third-party relationships that are either most critical to your business operations or could have the greatest impact from a cyber incident will help you to identify the list of ‘critical suppliers’ on which to focus. 

But more importantly, aim to build relationships and co-ordinated response plans so that should the worst happen, you can collaborate effectively with your partners to contain incidents quickly and restore services. 

2How can we ensure cyber security protection across today’s extended third-party ecosystems?  

Whilst there is no way to ensure protection, a key part of managing your third party risk is identifying the suppliers and other partners who would present the most material risks if they came under attack. You can then bring them into your simulations and scenario planning in areas such as how to sustain services if access to compromised data needs to be curtailed or closed.

3Are we getting the most from our cyber security partners? 

It can be difficult to navigate today’s varied and extensive securities services market. It’s therefore important to have a robust process for scanning the market and selecting vendors. Where is the real value? Will it be delivered? Are we applying sufficient competitive tension rather than relying on a single supplier?

In managing securities services contractors, further questions include whether the responsibilities of in-house and third-party teams are defined and delineated clearly enough? Is it clear who is liable if there’s an attack? 

It's also important to ensure that contractors are keeping to their commitments and delivering full value for money. And when renewing, make sure that contract terms reflect the changing nature and scale of the cyber threats. 

How Berkeley can help

At Berkeley, we have experience of helping Heads of Procurement answer these questions through all stages of their cyber journey. We can help you to:

• Define your cyber strategy to set clear goals and ensure alignment with business strategy 
• Deliver your cyber transformation programme 
• Deliver cyber resilience capability uplifts in areas such as executive training, incident response preparation and business continuity planning
• Deliver specific projects in your cyber portfolio that you may be struggling with
• Rebuild and strengthen your cyber capabilities post cyber-attack
• Provide cyber assurance to meet a range of internal and external demands including Section 166 regulatory reviews 
• Engage your executive team, Board and operational stakeholders on how to manage cyber risks effectively and increase your cyber resilience.