Information is the new oil. Countries, governments, businesses and individuals extract power, influence, competitiveness and knowledge from it. For this reason, it is no wonder that there are numerous documented instances of malfeasance where these beneficiaries of data go to extreme (and in some situations, illegal) lengths to obtain such information. 

With the proliferation of the Internet, wireless transactions, and adoption of cloud-based services, cybersecurity (which used to be an issue for governmental agencies - think Australia's ASIS, United States' FBI or the United Kingdom's MI5) is now a normalised fear and poses a threat to businesses and individuals alike.

Bringing our attention to the former, specifically in the area of Procurement Management, cybersecurity appears to be a malignant tumour that is spreading and threatening supply chain business operations. Unfortunately, suppliers and their clients don't seem to be taking proactive measures to eradicate this ailment.


George Quigley, a partner in KPMG's cyber security division, states that "many SME still take a blasé approach towards cyber security and mistakenly don't see themselves as targets of cyber criminals. Unless these organisations take a more mature approach towards cyber security now, they face the risk of being frozen out of lucrative supplier contracts."

With the increased notoriety of hacking scandals at both large and small corporations, the safeguarding of consumer information is gaining front-line attention from governmental bodies and customers alike.

A KPMG survey that polled 175 buyers found that "70 percent of small firms should be doing more to secure client data". Furthermore, 86 percent of the buyers stated that "they would ditch a vendor who has been hacked, and 94 percent said that cyber security standards were 'important' when awarding contracts."

Bottom line: Suppliers need to buckle up and make sure that they're instituting policies and procedures that protect against such unfortunate misdemeanours.

In practical terms, how should these vendors go about putting such protective measures in place?

Another KPMG study, "Keeping Up With the Pace of Change: Demands by Customers Are Driving the Life and Annuity Agenda", which explores the transformative effects of technology advancements and consumer demands on the annuity business landscape, identifies a four-step "Cyber Intelligence Process" to combat issues of cyber security:

1) Set

The ability to decide what intelligence we need to improve understanding of the threat and to set our intelligence gathering priorities. 

2) Gather

The ability to gather cyber threat intelligence relating to cyber security threats and vulnerabilities from a range of sources and translate these into a common language. 

3) Analyse

The ability to analyse cyber intelligence gathered and to make links between discrete pieces of information to create actionable intelligence.

4) Act

The ability to make intelligence-driven decisions and act both tactically and strategically to prevent or respond to threats.

The two main reasons why Suppliers should pay attention to this epidemic are as follows:

Respect for Customers

Safeguarding vital (company and customer) information shows that Suppliers respect not only themselves but also the clients that they conduct business activities with - especially since those clients have handed over sensitive/personal information.

Trust is a hard virtue to earn and when it is lost (in the event of a hacking scandal for instance), it becomes so much more difficult - if not impossible - to win back.

Hopefully, Chief Procurement Officers begin to ask their Suppliers hard questions about the safety of their information and hold these vendors accountable to high standards.
