More rigorous standards must be applied to the supply chain to ensure cyber security

Within a networked supply chain, every company is only as strong as its weakest link, and any entry point for cyber criminals – no matter how decentralised from the core security of the organisation, poses an intrinsic threat to the entire network.

To address this, businesses should pay closer attention to the cyber security arrangements of their partners – and demand Cyber Essentials as a matter of course during the tendering process, says APMG International.

Richard Pharro, CEO of accreditation and certification body, APMG, commented: “Small companies don’t tend to be very well protected partly because they don’t have the resources to bolster their defences, but also because they don’t feel like they’ve got information that is very important. What they do offer is a pathway to information on other systems – the backdoor in to their partners’ organisations. The supply chain is one of the biggest issues facing businesses today, and it’s only now after some very large and high profile breaches that this issue is coming to the fore. As a cyber criminal, if you know a large company is very well protected, but a small supplier isn’t, you go for the smaller company.

“Taking the example of the weakest link, if your partners or subsidiaries have weaker cyber security defences than you do, there’ll be a chink in the armour. If you don’t take steps to address this, you are opening yourself or your partners up to potentially huge risks. With a little imagination, any defect in the sprawling infrastructure could be exploited, with huge repercussions. The breach of US retailer Target in 2013, initiated through its heating, ventilating and air conditioning contractor, stands as a prime example of this, highlighting the importance of supply chain security,” he continued.

Pharro went on to say that the world of business should build on the example recently set by the UK Government last year and make certification against Cyber Essentials a compulsory requirement for organisations bidding for contracts.

Developed by the UK Government as part of a broader initiative to raise cyber security awareness and preparedness in businesses of all sizes, Cyber Essentials provides a set of criteria against which organisations can measure their cyber security systems. Achieving the certification demonstrates to customers and partners that a business has taken basic and essential cyber security precautions.

“While there is arguably more work to do to secure the public sector supply chain, the Government has set a good example by demanding that certain suppliers certify against Cyber Essentials. There is a strong case that the public sector should hold their suppliers to a similarly high account and make Cyber Essentials a mandatory requirement for doing business. The Government estimates that 80 per cent of successful cyber attacks could be stopped by basic security measures. By opting to only work with suppliers that have achieved Cyber Essentials, businesses would go a long way to improving the security of their supply chains and their data,” Pharro concluded.

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

OneLink

Product Spotlight – Gallagher’s OneLink

Gallagher Security presents, OneLink – the product that is elevating remote security through the power of the cloud 
Intersec Saudi

Intersec Saudi Arabia returns with record exhibition space

Intersec Saudi Arabia, the premier industry platform for security, safety and fire protection, will return to the Riyadh…
Doorbird Carousel

Product Spotlight – Door Communication for the “Neue Wallufer”

 A customised solution case study for a residential complex is presented by DoorBird and CompuNet Systems GmbH 
ASSA ABLOY

Electric locks are a vital component in digital access

To protect the important openings in their buildings, organizations need locks they can trust. This means more than just strength…
Videx

Videx Unveils the ERA23V

Videx has launched the ERA23V, a sleek and innovative video entry panel designed to redefine door entry and access control.
The Role of AI Gateway Devices

From the Expert – The Role of AI Gateway Devices

AI gateway devices bridge legacy security cameras and cloud platforms, enabling real-time analytics, hybrid storage, and compliance…
Cover Story - Empowering the Mobile Workforce with HID

Cover Story – Empowering the Mobile Workforce with HID

HID presents the latest in portable readers, depicting a modern world where secure access moves with you…
ASSA ABLOY Door Group

Critical new foreword to EN 15269-2

ASSA ABLOY Door Group is drawing attention to a critical update in fire safety standards that significantly impacts the design…
access control integration

HID Redefines Physical and Digital Security Integration

HID announced the launch of HID Integration Service, a platform that integrates physical security, cybersecurity and digital identity…
Image provided by Netgenium

School Safety with new IP audio lockdown system

A Northwest primary school has invested in a new IP (Internet Protocol) audio lockdown system to improve the protection of staff…
Scroll to Top