Gartner research released earlier this year found that 60% of supply chain organizations plan to use cybersecurity risk as a “significant determinant” in conducting third-party transactions and business engagements by 2025.
In other words, chief supply chain officers (CSCOs) had better get on board with the latest threats. In a recently published Q&A, Brian Schultz, senior director analyst with the Gartner Supply Chain Practice, spoke about the increasing need for CSCOs to take a greater ownership share in cybersecurity strategy.
“CSCOs are not expected to be substitutes for chief information security officers,” he said. “What they will increasingly be expected to do is have a grasp of how supply chain cyberattacks are evolving, including, for example, more sophisticated attacks that can impact products undetected until they reach the customer. They also need to play a leading role in third-party risk management, as attacks on key suppliers can cause significant business continuity disruptions.”
An advantage CSCOs have, Schultz noted, is their experience in “coordinating action among many different stakeholders.” Supply chain cyber resilience, he said, depends on the ability to bring multiple stakeholders from both inside and outside the organization together to increase visibility and identify threats.
“We recommend CSCOs build this visibility by identifying the key operational assets that support the organization’s value drivers, assess the impact of a loss of these assets in terms of business costs in lost days of operation and then clearly communicate these impacts to the board and C-Suite,” Schultz said, noting a playbook should be implemented to monitor assets and schedule regular testing of mitigation plans.
In the Q&A, Schultz identified several steps organizations can take to begin building cyber resilience and laid out a four-step plan to create a supply chain third-party risk management program. But Schultz emphasized that no cyber program is 100% effective.
“The best-case scenario is reaching a state where cyber resilience is in line with the organization’s risk appetite. Once the risk exposures are clarified both for CSCOs and their stakeholders, then expectations for the level of protection can be agreed upon and operationalized,” he said.
Gartner clients can read more on this subject in 3 Actions to Combat Cybersecurity Risks in Your Supply Chain. Nonclients can learn more in the on-demand webinar: 3 Strategies to Defend Your Supply Chain Against Cybercriminals.