Posted by Johann Nacario — September 28, 2023 — Avetta, a provider of supply chain risk management software as a service (SaaS), has announced the launch of the Cyber Risk Solution, providing a quantitative score that evaluates cyber health in 10 areas and delivers an aggregate grade for each supplier. The Avetta One feature offers a diagnostic cyber health check that identifies potential risk areas for companies to investigate further.
Graphic courtesy of Avetta. Click to enlarge
The problem
Supply chains are particularly vulnerable to cyberattacks, as suppliers, contractors and vendors tend to have less mature information technology (IT) and security functions. Consider this:
- Almost half of small businesses have been victims of cyberattacks.
- Garner predicts 45% of global organizations will be impacted by a supply chain cyberattack by 2025.
- A total of 108.9 million global accounts were breached in the third quarter of 2022, a 70% increase compared to the previous quarter.
- IBM found 75% of organizations have had a ransomware attack — 64% paid the ransom, and 40% failed to recover their data.
U.S. disruptions in fuel supplies occurred when a hacker launched a cyberattack on Colonial Pipeline by stealing a single password. Cyberattacks can cause debilitating business disruptions involving stolen data, locked systems, interrupted operations, and other problems throughout a supply chain. These attacks are also incredibly high profile and can put a company’s reputation at risk.
The solution
The Cyber Risk Solution is the latest component of Avetta One, a comprehensive supply chain risk monitoring platform. The new feature provides instant visibility into the cyber health of a company’s full supply chain, including continuous monitoring that alerts clients when the risk score falls outside of an acceptable range. Clients can use it as a diagnostic tool to gain insight into third-party cyber risks and inform sourcing decisions.
Avetta Chief Product & Marketing Officer Taylor Allis pointed out:
Suppliers and contractors are often an overlooked cybersecurity risk, but supply chain cyber-attacks are increasing and can have devastating consequences. Avetta’s Cyber Risk Solution transforms the supply chain risk management landscape by offering a comprehensive way for businesses to constantly monitor all third parties for safety, financial health, ESG and now cybersecurity.
Avetta’s Cyber Risk Solution can identify potential risks that could lead to an attack, making it a critical part of understanding holistic supplier and contractor risk. For example, a supplier with an F rating is seven times more likely to be a victim of a cybersecurity breach than one with an A rating.
A procurement leader at a large transportation company said the Cyber Risk Solution’s reporting capabilities are “fantastic,” adding:
I can get a clear picture into the suppliers that have a cybersecurity risk and am able to drill down into specific issues easily.
The feature can be used for companies of all sizes and industries, but it is particularly relevant to companies with large dependencies on supply chains for operations and delivery, due to the magnitude of a potential business interruption from a cyber incident. Power generation and utility companies can be especially vulnerable because power outages or service interruptions can impact thousands or millions of consumers.
Avetta’s Cyber Risk Solution is powered by SecurityScorecard, a security ratings, response, and resilience company. The company provides actionable insights for over 12 million organizations so users can know who to trust, quickly respond to cyber risks, and strengthen cyber defenses. SecurityScorecard’s patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight.
Alex Rich, vice president, Strategic Alliances at SecurityScorecard, said:
While more organizations today are aware of the cyber risks they face, we find that many still neglect the massive cyber vulnerabilities in their extended supply chain. Organizations need visibility into the security ratings of their entire third- and fourth-party ecosystem so that they can know in an instant whether an organization deserves their trust and can take proactive steps to mitigate risk; with this partnership, Avetta is helping their clients get simple visibility into those third-party risks to protect their data and the smooth flow of operations.
Clients can share suppliers’ Cyber Risk Scores with any of their suppliers so they can understand their cyber gaps and enact mitigation and corrective action plans to reduce potential supply chain cyber threats.
To learn more about the Cyber Risk Solution, visit Avetta One.
