Supply chain · 10 November 2015

Small businesses risk being frozen out of supplier contracts because of insufficient cyber security

The majority of procurement managers would consider removing a small business supplier if they were hacked

Scottish small businesses have been warned they risk being banned from bidding for work due to their lack of cyber security to protect clients’ confidential data.

A survey of procurement managers across the country found that 70 per cent felt small and medium-sized firms needed to do more to prevent cyber attacks and protect vulnerable client information, or risk being disqualified from bidding for contracts.

The KPMG research said the overwhelming majority (86 per cent) of procurement managers would consider removing a small business supplier if they were hacked. Checking cyber security standards was considered a must, with 94 per cent of managers saying they were an important determinant when awarding contracts.

George Scott, director of cyber security for KPMG Scotland, said: “Cyber security is not just a technical issue anymore, it has become a business critical issue for Scottish SMEs. Larger companies are placing an increased emphasis on the cyber security of their suppliers and, increasingly, the onus is on SMEs to show that they are tackling this issue head-on.”

Two-thirds of procurement managers already ask their suppliers to demonstrate cyber accreditations as part of their procurement assessment and the research indicated this number was set to rise.

“Unfortunately, many SMEs still take a blasé approach towards cyber security and mistakenly don’t see themselves as targets of cyber criminals. Unless these organisations take a more mature approach towards cyber security now, they face the risk of being frozen out of lucrative supplier contracts,” Scott added.

FSB Scotland’s Colin Borland said small firms should keep an eye on the supply chain to make sure larger companies that store information were also doing all they could to keep it as secure as possible.

“While large firms are right to ask questions of their smaller suppliers regarding cyber security, small firms, too, should be asking the big businesses they buy from how they protect bank account and other vital details,” he said.

As well as the highly publicised TalkTalk hacking, smaller firms have recently been in the headlines for cyber attacks too. Scottish hairdresser Ellen Conlin Hair & Beauty said it had paid 1,000 euros in bitcoins when its system was hacked, feeling pressured into doing so because it couldn’t afford to lose business.

To make your business a less vulnerable target, you can take some simple protective steps, including cyber security assessments, digital footprint assessments and supply chain resilience exercises.





Rebecca is a reporter for Business Advice. Prior to this, she worked with a range of tech, advertising, media and digital clients at Propeller PR and did freelance work for The Telegraph.
