A FRAMEWORK FOR CATEGORY MANAGERS LOOKING TO MEASURE THE CYBER RISK IN THEIR SUPPLIERS
In most procurement teams the number one need for category managers is to ensure the efficient and on-time supply of orders. As such, understanding the cyber-risk of a supplier is important from the perspective of both the consequences of disruption and potential data loss.
The “Watchlist” functionality in Darkbeam Horizon allows category managers to see the digital risk associated with thousands of their suppliers in one go. But this level of information can be daunting and we are regularly asked how they can focus on those suppliers that represent the biggest potential threat.
One way to do this is to look at the vendors in the context of the potential business impact a cyberattack on a supplier could have on your organisation. Factors affecting this are:
- Is a supplier Indirect / Direct?
- Total $ exposed (spend with a supplier)
- Cyber threat backdrop (threat intelligence)
- Vulnerability analysis (Darkbeam score)
- Impact analysis.
We look at Impact analysis across three areas:
- What are the consequences of an event with a particular supplier or category of suppliers from a regulatory, brand, financial and operational perspective?
- What is the value of the data and processes at threat with a particular supplier or category?
- What is the latent threat level of a particular category of supplier? For instance software vendors are more vulnerable than office stationery suppliers.
By scoring each of these variables it is possible to quantify the Business Impact at a category and then supplier level. Combining this with the Darkbeam score produces a heatmap, which allows category managers to focus on those vendors showing high levels of Digital Risk vulnerabilities, where the Business Impact of a cyber-event is also high.
To assist category managers, Darkbeam have developed a simple and intuitive Cyber Risk playbook.
The spreadsheet leads users through the process of entering the impact variables leading to a RAG score highlighting those suppliers requiring the most immediate focus.
To get up-and-running on creating heat-maps of your vendors digital risk, please download the playbook, and sign-up for your free myHorizon account.