Supply chain actors agree that everyone's a security risk – except themselves, of course
Perception is an illusion, grasshopper
Security surveys tend to confirm what we already knew a few months ago, and the 2019 Global Cyber Risk Perception Survey (PDF) from Marsh and Microsoft does not disappoint.
This roller-coaster ride through the deepest thoughts of 1,500+ business leaders during February and March covers topics such as organisational confidence, approaches to adopting new technology and cyber security resilience.
Inevitably, much of it reads like a masterclass in stating the bleeding obvious.
Cyber risk had heightened since 2017, said 56 per cent of respondents. While 9 per cent expected to be done in by terrorists and 12 per cent were getting flustered over industrial espionage, 79 per cent felt cyber attacks should be their top business concern at the moment. Who'd have guessed?
In other questions, respondents said their governments should do more about the cyber threat, but that they had no confidence in government's ability to do it right. Again, yup.
Much more fun was watching those in various supply chains point the finger at each other. A significant 39 per cent were concerned by the level of cyber risk posed to their organisations by their supply chain vendors. But when asked whether they themselves could be a risk to everyone else, only 19 per cent admitted they might.
Either way, a worrying 43 per cent said they probably wouldn't be able to protect themselves from cyber threats if they came from their third-party partners.
If nothing else, the survey lays bare the fragility of the supply chain and shows that, while participants are all too aware of it, they don't know what they can do about it.
The survey concluded that supply chain risks should be managed as a collective issue, with security standards shared across the entire network and each organisation honestly evaluating its own cyber impact on its partners. A bit of joined-up thinking is what's called for.
At the same time as Microsoft was reminding business leaders how scary cyber threats can be, its president Brad Smith was telling the US to stop blacklisting Huawei so that Microsoft can start supplying Huawei with Windows software again. This must be some of that joined-up thinking in action. ®