Procurement and Cyber Security – New Best Friends?

We are delighted to publish this post by Lucy Ashdown, head of network compliance for Tungsten Network, a leading global eInvoicing, financing and analytics expert.

Cyber security has never been more in the public eye. As the world turns digital, capabilities to access and use information illegally are growing by the day, which means it’s more important than ever for businesses and governments to be prepared.

After the Paris attacks, global leaders warned that cyber assaults from ISIL posed a very real threat to national infrastructure. In the UK, George Osborne spoke of threats to hospital and air traffic control systems, not to mention government records in defence and national security.

In the business world too, cybercrime has been shown to be a very real threat to operations. After TalkTalk’s cyber-attack in October, the personal details of 157,000 customers were exposed, prompting the company to shut down online sales for three weeks. TalkTalk’s stock market value remains down nearly 20 percent since the attack was disclosed and its latest trading statement estimated the cost of the hack at £35 million.

Statistics support this growing media interest in cybercrime and show it is reaching new heights. The Department for Business, Innovation and Skills' (BIS) Information Security Survey 2015 shows that 90 percent of large organisations – employing more than 500 people – experienced a security breach, an increase of 81 percent from the previous year’s survey. The figure is similarly high for small businesses, with nearly three quarters (74 percent) reporting a breach of security.

The cost of such breaches is also on the rise. The bill from business disruption, lost sales, recovery of assets, fines and compensation quickly adds up. In the most recent BIS survey, the average minimum cost to a large organisation has risen to £1.46 million in 2015 – an increase of £860,000 from the £600,000 average in 2014. For a small business this figure has risen from £65,000 in 2014 to £75,200 in 2015.

For procurement professionals, this may mean the role as trusted advisor is extended further. The average procurement team will handle thousands and thousands of pieces of data in a year. Here at Tungsten – where our focus is on secure, efficient payments – we processed more than 14.8 million invoices in 2014 alone. With this volume of through-flow, ensuring data is secure is a logical extension of our capabilities.

As a conduit between a business and its many suppliers, procurement is uniquely placed to ensure a solid line of defence is in place. In the future, more people will place greater emphasis on choosing business partners with the highest standards of data security. But how can this be tracked?

One solution is to adopt a business-wide minimum standard on data security, such as ISO 27001, an international industry-recognised certificate to verify that a business has the appropriate controls in place for keeping data secure. This is something Tungsten has found extremely useful in raising general awareness on the importance of maintaining tight controls.

If a business adheres to ISO, and expects the same attention to data security from its suppliers and customers, overall the business community can only be stronger. An added benefit would be closer communication between buyers and suppliers, strengthening that community further.

It may be that online security is no longer something procurement professionals should rely on someone else to take care of. To be a leader in procurement, the job description may need a wider remit – trusted advisor, financial guru, and now security guard.
