
Member Article

North East’s SMEs given cyber security warning

SMEs across the North East risk being disqualified from bidding for work because of the lack of importance they are placing on looking after their valuable client data, according to a survey of procurement managers by KPMG.

A multisector KPMG survey of 175 procurement managers across the UK from organisations with over 250 employees revealed that the general consensus (70%) is that SMEs should be doing more to prevent cyber attacks and protect valuable client data.

The vast majority (86%) of those in procurement said they would consider removing an SME supplier if they were hacked and nearly all (94%) confirmed that cyber security standards are important when awarding contracts to SME suppliers.

Paul O’Leary, a director in KPMG’s Risk Consulting practice in the North East, commented:

“Cyber security is not just a technical issue anymore; it has become a business critical issue for this region’s SMEs. Larger companies are placing an increased emphasis on the cyber security of their suppliers and increasingly the onus is on SMEs to show that they are tackling this issue head on.

“Many of the SMEs we talk to remain unaware that they could be a target of cyber criminals. Unless these organisations take a tougher approach towards cyber security now, they face the risk of being frozen out of lucrative supplier contracts.”

Already two-thirds of procurement managers ask their suppliers to demonstrate cyber accreditations (ISO27001, Cyber Essentials, IASME certifications or PCI DSS) as a part of their procurement assessment, with this number likely to increase in the near future. In addition, SMEs are increasingly being asked to self-fund their own accreditations. In the absence of accreditation, four in ten (41%) procurement managers expect their suppliers to pay for their own accreditations and reach a certain level of cyber maturity in the near future.

O’Leary concluded: “In order for businesses to be awarded some public sector contracts they already have to demonstrate a certain level of cyber maturity and this is increasingly becoming the norm in the private sector as well.

“Companies are also embedding cyber security in their supplier contracts with about half (47%) of existing contracts already stating that suppliers are contractually obliged to tell if they have been hacked. This means that if an SME supplier is breached and doesn’t deal with it appropriately, they could be looking at the termination of a contract.

“The government is looking to increase the cyber maturity of UK businesses, with accreditations like the Cyber Essentials Scheme. We can only expect the bar to be raised higher in the coming years. There is no time like the present for SMEs to start taking the initial steps towards increasing their level of cyber maturity.”
