As the cyber threat landscape adapts, businesses are demanding a rethink of their cyber-security capacity. In a recent survey undertaken by the Bank of England, cyber-attack was cited by 74 percent of respondents as being one of the top five risks which would have the greatest impact on the UK financial system if it were to materialise. However, this issue is not sector-specific, so whichever sector you find yourself in, cyber security should be a key element of your business strategy.
Advanced security controls come at a price, but not quite $1 trillion
You may ask yourself, “just how material is the risk?” With the global cost of cyber-crime rising from $600 million in 2018 to $1 trillion in 2020, the answer is obvious. Costs are predicted to rise to $10.5 trillion by 2025, but fortunately there are controls which can be put in place to mitigate this risk.
With cyber security becoming a more prominent issue and CISOs increasingly getting a seat at the table, the maturity of most organisations’ cyber security controls is increasing. More and more frequently, businesses are pushing for advanced controls such as Managed Detect and Respond, Endpoint Detection and Response, Network Detection and Response, and the latest buzzword: Extended Detection and Response. While it’s a given that these controls are fundamental to protecting your business, not enough thought is given to the commercial process and unlocking supplier value.
Cyber security specialists are fantastic at cyber security, but they’re not fantastic commercially
There is no question that cyber-security specialists are best in breed in the IT world. Cyber-security qualifications such as CISSP are no easy feat to achieve, meaning organisations have the best people protecting their business. However, they’re not always too “clued up” commercially. That’s why a procurement professional who not only can speak the language, but also truly understands the cyber security supplier landscape and the ins and outs of the commercial agreements is needed to make sure the value chain is maximised and added value is delivered over and above stakeholder expectations.
Let’s get it right the first time
Early engagement with procurement is key. Procurement will lead the charge, making sure only best in class suppliers are invited to tender. Through the preparation of a detailed RFP and a robust tender process including all the right stakeholders, suppliers will have the opportunity to demonstrate that they can align with and support your longer-term business and cyber security strategy. Then, through a methodical negotiation process, you can be sure that the best possible commercial outcome is achieved. However, it’s important to realise the process doesn’t end there. Ongoing SRM and effective contract management are needed to optimise the value being delivered and ensure adherence with the key SLAs and KPIs within the contract.
4C Associates are a specialist procurement and supply chain consultancy, supporting organisations across all sectors to deliver maximum value from their suppliers. For more information, please contact William Laing at firstname.lastname@example.org.