How well do you know the risks posed by your third parties and supply chain?
Less than half of the UAE respondents say they thoroughly understand their third-party cyber and privacy risks.
You can’t secure what you can’t see, and most respondents to the PwC 2022 Global Digital Trust Insights Survey seem to have trouble seeing their third-party risks — risks obscured by the complexities of their business partnerships and vendor/supplier networks.
Among all UAE respondents, 59% expect an increase in reportable incidents in 2022 from attacks on the software supply chain, but only 44% have formally assessed their enterprise’s exposure to this specific risk.
But the UAE respondents have started taking action to minimise third-party or supplier risk:
refining their criteria for onboarding and ongoing assessments of third parties (62%)
rewriting contracts with certain third parties to mitigate their risks (56%)
providing knowledge-sharing or assistance to third parties to shore up their cybersecurity postures (51%).
An organisation could be vulnerable to a supply chain attack even when its own cyber defences are good, with attackers simply finding new pathways into the organisation through its suppliers. Detecting and stopping a software-based attack can be very difficult, and complex to unravel. That’s because every component of any given software depends on other components such as code libraries, packages and modules that integrate into the software and are necessary for its operation.
However, the more complex the connection, the harder it becomes to see the risks buried within.