Cyber resilience through transparency and protection

Cyber Supply Chain Risk Management (C-SCRM)

Your expert for questions

Nial Moore
Director, Cyber Security Strategy & Risk at PwC Germany
Tel: +49 171 7611535

Cyber threats affect the entire supply chain

Cyberattacks and disruptions to global value chains now regularly cause operational performance issues. The results of our global cybersecurity study, Digital Trust Insights 2024, show that 56% of all companies expect cyberattacks on the supply chain. Although many organizations have already implemented measures to improve their own cyber resilience, few have sufficient transparency regarding the risk situation outside their own organization.

One thing is certain: more and more companies are affected by disruptions and bottlenecks in their supply chains. These are no longer individual supply chains, but ecosystems comprising a multitude of interconnected companies and organizations. However, these ecosystems are vulnerable.

If management fails to address these risks appropriately, the result is immense economic damage and, in the case of critical infrastructure, supply bottlenecks.

Almost all current cyber regulations therefore include requirements to secure supply chains: NIS-2, DORA, CRA, the EU AI Act, and the KRITIS regulations are prominent examples of this. They are binding for numerous sectors and a growing number of companies and provide for severe penalties for non-compliance.

SolarWinds, Kaseya, Log4j: to identify such threats and respond to them, companies must answer the following questions:

  • Which parts of the value chain can serve as gateways for cyberattacks in both IT and OT infrastructures? What protective mechanisms are already in place?
  • Which risk scenarios and supply chain partners need to be considered?
  • How and where should cybersecurity in the supply chain be organized in the company?
  • What capabilities and resources need to be developed, and how can a high level of security be established?
  • Which integration points with adjacent processes and areas need to be taken into account?

PwC has supported numerous organizations in meeting these challenges—from hidden champions among small and medium-sized enterprises to large global corporations. Take advantage of this experience for yourself!

How we support you in securing your supply chain

  • Support from strategy to target operating model
  • Establishment of dedicated supplier security risk management and implementation of comprehensive third-party risk management structures
  • Combining IT and OT perspectives
  • Explicit consideration of the software supply chain
  • Analysis, design, implementation, and operation as a full-service provider
  • Expertise in the implementation and further development of tool-supported processes


Relevant control variables in supply chain cybersecurity

When it comes to supply chain cybersecurity, the basic rule is that all cybersecurity requirements that organizations impose on themselves in the form of guidelines and policies should also be expected of all external partners. This is because these specifications correspond to the organization's risk appetite and therefore also apply to external third parties. In this respect, many organizations are not starting from scratch but have already defined the requirements for external third parties.

Compliance with these requirements by supply chain partners must be analyzed in an economically sensible manner. The relevant considerations include:

  • Which third parties are involved in business-critical processes?
  • Are other third parties besides suppliers relevant, such as agencies, R&D partners, distributors, or laboratories?
  • Which cyber risk scenarios are relevant for your company?
  • Integration into a comprehensive third-party risk management process vs. a specific design for cybersecurity
  • What responsibilities do the business units, IT, vendor management, purchasing, etc. have?
  • Contractual arrangements and consequence management
  • Requiring implementation of the requirements, including follow-up
  • Establishing internal response plans
  • Consideration of changing conditions, such as the scope of services
  • Measures to be taken when terminating the contractual relationship

“Supply chain cybersecurity must not end with the analysis of risks posed by third parties. Rather, the analysis should form the basis for the desired response capability.”

Nial Moore, Director, Cyber Security Strategy & Risk at PwC Germany

Contact us

Nial Moore
Director, PwC Germany
Tel: +49 171 7611535

Thorsten Lembeck
Manager, PwC Germany