Managing Cyber Risk in Charities' Supply Chains


On October 4th 2022, Darkbeam CEO Charles Clark spoke at a roundtable event for Procurement leaders from some of Britain’s largest charities, hosted by Novo-K SMARTprocurement. Charles’ talk was an introduction to the principles of cyber risk in supply chains – a risk factor which affects all organisations including charities.

In addition to explaining the risks (operational, financial and reputational), Charles explained the benefits of partnerships which provide capabilities to Procurement teams, rather than the traditional vendor-user relationship.

To allow participants to speak freely, the event was not filmed. Below is a transcript of Charles’ talk.


Darkbeam CEO Charles Clark (centre left) pictured with three other attendees of the charity Procurement roundtable event.

Up until 15 or 20 years ago, we lived in a world framed by four very clearly defined resources:

  • Land
  • Sea
  • Air
  • Space

Each of these dimensions is strongly governed by internationally recognised laws and regulations. These rules protect the way resources are used.

On land, international and regional boundaries are supported by individual ownership rights. Similarly, the sea is divided by territorial boundaries. Tight rules govern air space and the way we travel through it.

Cybersecurity, the 5th dimension

Like all good dramas, the four actors on-stage are joined by an antagonist. I believe that cyber is the 5th dimension. I appreciate that this is a big statement but I believe we rely on cyber for our businesses and personal life as much if not more than the other four.

Yet, cyber does not recognise or comply with any of the rules we are used to living by. It is boundaryless and can be travelled through anonymously. The consequences of being caught committing crimes are limited in large parts of the world. The bad actors are a very small proportion of internet users but they have a disproportionate impact.

Because the major internet superpowers (US, China and Russia) will never agree on how the internet should be policed, governments around the world remain toothless. This has resulted in responsibility for policing the use of the internet being pushed down onto those of us in this room. This has been done through regulations and compliance policies.

Vendor vs Capability

I have worked with Procurement professionals for years and I believe – rightly or wrongly – that Procurement teams need another technology vendor like a hole in the head. I have found that partnering with a client delivers a capability to the Procurement team, supporting them to deliver many times better results.

This is why I at Darkbeam partnered with Kavita at Novo-K SMARTprocurement. Cyber risk management capabilities should be discreetly but importantly embedded in existing procurement processes and activities.

Teams should have access to experts to support them to achieve their objectives and be an extra set of eyes on risk. Furthermore, suppliers should be engaged and understand your needs and objectives so they can be more effective in how they engage and manage their own security. It is a collaborative constructive effort.

Darkbeam and Novo-K SMARTprocurement's services ensure that charities in the United Kingdom:

  • Continue to deliver their service uninterrupted to their beneficiaries
  • Don’t trip up on a regulation which impacts their reputation

Through integrations with the leading Procurement platforms, this can be achieved without the need to add a new piece of software to a team’s workflow.

Hyper-connectivity: a gift and a curse

We are all connected with our suppliers. Moving from doing business on a handshake to doing everything digitally is a material shift. This shift is positive, undeniably. But it means we are all connected by an invisible digital network.

If a bad actor gains access to a supplier in our network, they can traverse from supplier to charity using the trust that the charity automatically gives that supplier. Once inside the charity’s system, the bad actor can steal or disrupt.

There are examples of this in the non-charitable sector. One famous example is the American retailer Target. Attackers were able to compromise their heating and ventilation supplier. They used this system's trusted status to access detailed information for about 40 million credit and debit card accounts, as well as personal information on about 70 million Target customers.

So how do we, as Procurement professionals, approach this hidden risk whilst delivering the service that is expected of us day in, day out?

Conclusion

Cyber risk is managed no differently from any other risk. Yes, it requires specialist skills to maintain – but how it is managed and measured at the Procurement level is no different. I believe it should be a table stake in any service or capability that you are looking to introduce.

The people in this room are focused on:

  • Relieving poverty
  • Protecting the vulnerable
  • Protecting the environment
  • Developing communities
  • Protecting human rights
  • Promoting education
  • And much more

Kavita and I want to assist you in doing this as effectively as we possibly can.

If you represent a charity and would like to know more about how Darkbeam and Novo-K SMARTprocurement can support your Procurement risk reduction / resilience building efforts, please contact us using the form below.

 
