Wednesday, 11 November 2015 14:28

KPMG warns SMEs need to address cyber security or risk losing work

Small and Medium Sized Enterprises (SMEs) risk being disqualified from bidding for work because of the lack of importance they are placing on looking after their valuable client data, according to a survey of procurement managers by KPMG.

The multisector KPMG survey of 175 procurement managers across the UK from organisations with over 250 employees revealed that the general consensus (70%) of procurement managers is that SMEs should be doing more to prevent cyber attacks and protect valuable client data.

The vast majority (86%) of respondents said they would consider removing an SME supplier if they were hacked and nearly all of the respondents (94%) confirmed that cyber security standards are important when awarding contracts to SME suppliers.

George Quigley, Partner in KPMG’s cyber security practice, commented:

“Cyber security is not just a technical issue anymore; it has become a business critical issue for the UK’s SMEs. Larger companies are placing an increased emphasis on the cyber security of their suppliers and increasingly the onus is on SMEs to show that they are tackling this issue head on.”

“Unfortunately many SMEs still take a blasé approach towards cyber security and mistakenly don’t see themselves as targets of cyber criminals. Unless these organisations take a more mature approach towards cyber security now, they face the risk of being frozen out of lucrative supplier contracts.”

Already two-thirds of procurement managers ask their suppliers to demonstrate cyber accreditations (ISO27001, Cyber Essentials, IASME certifications or PCI DSS) as a part of their procurement assessment, with this number likely to increase in the near future.

In addition, SMEs are increasingly being asked to self-fund their own accreditations. In the absence of accreditation, two-fifths (41%) of procurement managers expect their suppliers to pay for their own accreditations and reach a certain level of cyber maturity in the near future.

George Quigley concluded:

“In order for businesses to be awarded some public sector contracts they already have to demonstrate a certain level of cyber maturity and this is increasingly becoming the norm in the private sector as well.”

“Companies are also embedding cyber security in their supplier contracts with about half (47%) of existing contracts already stating that suppliers are contractually obliged to tell if they have been hacked. This means that if an SME supplier is breached and doesn’t deal with it appropriately, they could be looking at the termination of an existing supplier contract.”

The Government is already looking to increase the cyber maturity of UK businesses, with accreditations like the Cyber Essentials Scheme. KPMG said the UK could only expect the bar to be raised higher in the coming years. 
