Supply Chain Risk Management


Can you rely on the cyber resilience of your supply chain partners?

Global supply chains are increasingly putting you at risk from the poor cyber security practices of others. A recent Harvard Business Review (HBR) report suggests that up to 60% of reported cyber-attacks were launched from the IT systems belonging to suppliers or other third parties.


Amplification of supply chain risk


Organisations need to establish and maintain a “trusted relationship” with supply chain participants, and that begins with:

  • a better understanding of the cyber posture of your counter-parties, and
  • an ability to quickly respond to any change in that circumstance.

Typically, organisations undertake a level of due diligence before entering into a supply chain agreement; this used to cover product quality, commercial performance and legal undertakings. It now means more: shared security standards, IT audit rights and even vendor security risk ratings, all used to better manage your organisation’s cyber security position.


See how your Supply Chain can amplify your organisation’s risk
Download the infographic now



Mind the Gap – Quantifying Supply Chain Risk

How can you quantify the trust and cyber posture of your supply chain partners as they relate to your business risk? The Huntsman Security Scorecard delivers an aggregate score that allows your stakeholders to instantly measure cyber posture against up to eight key security controls. Imagine being able to automatically report the following to your risk and compliance team:

  • A summary measure of the cyber resilience, and hence the residual security risk, of each chain partner
  • Visualised partner performance against key security controls, including trends over time
  • An established baseline against which improving cyber resilience can be measured
  • A league table that visualises the cyber resilience status of all supply chain partners, their ranking against the established baseline and any remediation required


Automation delivers instant reporting

Being able to access business metrics, when you want them, is very important. The software automatically collects data and creates the Security Scorecard and management report that provides instant or scheduled visibility of security performance to the security operations, risk and compliance teams. An aggregated report also provides the Board with a summary measure of the status of threats, by supply chain partner, and their potential risk to business operations.

The underlying Security Scorecard technology gathers data from key security sources within the partner ICT environment to report on their ongoing security operations and identify any shortcomings.

The functionality provides summary and detailed status of eight security controls including:

  • Patching and vulnerability management of systems and applications
  • Application whitelisting, patching, configuration and macro execution control
  • User management and authentication
  • Privilege management
  • Backups

The same functionality forms the underpinnings of our ACSC Essential Eight compliance capability. Additionally, it covers many of the controls recommended by the UK Government’s NCSC Top 10.


Improve the communication of your Cyber Security position

Measuring the key metrics of your supply chain partners’ cyber security position enables risk-based cyber security decision-making, identifies partners requiring particular assistance and drives cyber risk mitigation across the broader enterprise supply chain. It gives management the key insights necessary to evaluate and manage the cyber health and competitiveness of your business.


Want to find out more?

Download the Security Scorecard two-page overview.


Alternatively, contact our Security Specialists for a conversation or a meeting.