Supply Chain Cyberattacks Leverage Trust Relationships Between Companies

September 9, 2024

Supply Chain Cyberattacks Leverage Trust Relationships Between Companies

Samuel D. Goldstick from the Foley firm writes that a digitized supply chain increases the potential for supply chain cyberattacks. Trust relationships are inherent in installing vendors’ and suppliers’ software within a company’s network, and hackers target the weakest link in the chain of trust. These weak points can allow them to infiltrate multiple organizations through a single point of compromise.

The number of organizations hit by supply chain cyberattacks has grown exponentially since 2018. In 2023, more than 54 million companies were victimized by a supply chain-related disruption, with an average annual loss of $82 million per organization in key industries: financial services, aerospace, health care, and energy.

The Foley article suggests implementing a comprehensive risk management framework integrating Cyber Supply Chain Risk Management (C-SCRM) principles. C-SCRM, Goldstic explains, is a systematic process for managing exposure to cybersecurity risk throughout supply chains and developing appropriate response strategies, policies, processes, and procedures.

Vendor due diligence is the first line of defense. The list of cybersecurity components to check is long, but it pays off in mitigating the potential risks associated with third-party vendors. Ongoing security assessments and audits are necessary to ensure compliance with cybersecurity standards and other legal and contractual requirements throughout the supply chain lifecycle.

Every RFP and contract with supply chain providers must include robust cybersecurity requirements. These should, at a minimum, cover the resiliency of the providers’ systems, personnel training, prompt notice of a data breach, and other measures necessary for compliance with laws and industry standards.

Developing or updating incident response plans should include processes for responding to cyber incidents that involve or originate from important third-party supply chain providers. Develop disaster recovery plans and test them regularly to ensure that business operations continue in the event of a supply chain cyberattack.

Sign up for our weekly newsletters specifically curated to different practice areas: litigation, cybersecurity & data privacy, legal ops, and compliance.

Critical intelligence for general counsel

Stay on top of the latest news, solutions and best practices by reading Daily Updates from Today's General Counsel.

Daily Updates

Sign up for our free daily newsletter for the latest news and business legal developments.

Scroll to Top