A new Kaspersky study has revealed that more than two-thirds of companies are willing to invest in the security of their contractors and suppliers to guarantee invulnerability to cyberattacks, while a further quarter is already doing that. This shift signals that contractors are now considered by businesses as part of a single, interconnected security ecosystem.
Amid a surge in supply chain attacks, hitting nearly every third company and trusted relationship attacks affecting a quarter of companies globally over the past year[1], organizations reconsider their approaches to internal security, recognizing that their own cyber risk hinges on the security posture of any contractor or partner with access to their infrastructure and systems, and are prepared to act accordingly.
According to the survey, 69% of respondents are considering investing in the security of their contractors to strengthen their own cyber resilience. This readiness is especially high in India (83%), Indonesia (80%), Russia (80%) and Brazil (76%). It is noteworthy that organizations in Indonesia, Brazil and Russia show higher trust in contractors than those in other countries — this is evidenced by a higher than average number of contractors with access to the companies’ systems.
At the same time, 25% of businesses have already begun sharing security costs with their contractors, moving from intention to action. The adoption rate is higher in Hong Kong and Taiwan (33%), Spain (33%), Turkey (31%) and Vietnam (31%).
“Today businesses realize that security cannot end at the boarders of their own organization, it must extend across the entire ecosystem,” comments Sergey Soldatov, Head of Security Operations Center at Kaspersky. “Smaller companies often lack the security capabilities of the enterprises they serve, posing extra risks to the latter. By sharing resources and expertise, larger companies can close this gap, strengthening weak points throughout the entire dependency chain — and become a key driver of global cyber resilience.”
To reduce supply chain risks, Kaspersky recommends that companies strengthen their security through organizational measures, including rigorous and evidence-based evaluation of software providers. By assessing vendors’ security practices, reviewing software development processes and applying structured evaluation frameworks companies can ensure that only secure, resilient products work in their internal infrastructure. A more detailed guide on how to choose the best product is available via the link.
