In this guest post, Procurement Leaders invites 4C Associates’ Ed Ainsworth to discuss misconceptions around cybersecurity and where procurement executives really need to be directing their attention.
Cybersecurity is a big and genuine threat to every company. Attacks range from the sophisticated, international, state-backed type, such as the attack on Sony, to the ‘bedroom hackers’ we saw last month with Talk Talk.
Many small businesses will have also experienced a ‘social engineering’ attack, where a criminal is able to generate internal emails requesting payments to them. Sometimes these attacks can be of very high quality and include a surprising amount of information such as a holiday schedule and location.
As a result, the cybersecurity industry is one of the fastest growing global industries: one estimate put the global market size at $170bn by 2020. Many boards feel that they have not adequately addressed this issue and are putting pressure on their management for solutions.
For example, Talk Talk, after suffering from a large cyber-attack, engaged BAE Systems to provide a full solution. Latest figures show that the Talk Talk cyber-attack could cost the company up to £35m in one-off costs, aside from the significant hit it took to its share price, reputation and the work it now has to do to rebuild its customer relations and trust in the brand. Other telecoms providers are spending hundreds of millions of pounds on solutions as suppliers capitalise on a growing fear of an attack as a reason to buy.
Cybersecurity has all of the characteristics of a category of overspend. The solutions aren’t clear and well understood. Most IT directors don’t have a detailed understanding of encryption and access technology, and the knowledge level outside IT is low. There are no industry standards and quality varies. It’s an exciting purchase and there are legitimate reasons for questioning the need for normal procurement scrutiny.
Procurement and finance managers will be wary of intervening in and supporting decision making, in case they are blamed for a serious attack.
However, good procurement can add a lot of value to cybersecurity services by working through some key questions:
Every company now needs a cybersecurity strategy; however, with support from procurement, many companies can avoid overspending unnecessarily.
Ed Ainsworth is co-founder of procurement services company, 4C Associates.
This contributed article has been written by a guest writer at the invitation of Procurement Leaders. Procurement Leaders received no payment directly connected with the publishing of this content.