Cybersecurity incidents impacting businesses through suppliers that they share data with is getting worse, the latest edition of Kaspersky’s annual IT Security Economics report has revealed.

According to the cybersecurity business’ research, the average financial impact of such an event for an enterprise reached $1.4million globally in 2021, making it the “most expensive type of incident.” This is despite not reaching the top five incidents last year.

Attacks where global businesses are affected through their contractors have become a trend, the company said.

Business data is typically distributed across multiple third parties including service providers, partners, suppliers, and subsidiaries. As such, organisations need to consider not only the cybersecurity risks affecting their IT infrastructure but those that can come from outside it.

The survey found that almost a third – 28 per cent – of large organisations in Europe suffered attacks involving data shared with suppliers. However, this number hasn’t changed significantly since the 2020 report (when it was at 29 per cent). But the financial impact had risen since last year when it was $839 million.

“The severity of cybersecurity attacks highlights the need for organisations to take the risk of a breach involving shared data with suppliers into account, when assessing cybersecurity needs for their businesses,” said Evgeniya Naumova, executive vice president, corporate business at Kaspersky. “The pandemic has changed the threat landscape and organisations should be ready to adapt to it.

"Companies should grade their suppliers based on the type of work they do and complexity of access they receive (whether they deal with sensitive data and infrastructure or not), and apply security requirements accordingly.”

Share Story: