28/07/2022 – Hermes-Barometer survey on IT and data security

Increasing concern about cyber attacks on supply chains

The threat that is presented to supply chains by cybercrime has increased. A growing number of companies are addressing the potential risks and taking security measures.

Hermes-Barometer-Supply-Chain.jpg

150 logistics managers from German companies took part in the survey on IT and data security in the supply chain. © Hermes

 

The focus has shifted in particular to the security of customer and employee data. This shift is reflected in the results of the 16th Hermes-Barometer titled “IT and Data Security in the Supply Chain” by Hermes Germany – a survey conducted among 150 logistics managers in German companies.

According to this, 13% of the companies surveyed have in fact already been affected by disruptions or failures in the supply chain due to IT security incidents. Further, as many as half of the decision-makers surveyed (51%) see IT security problems such as hacker attacks or computer viruses as the greatest threats to their own supply chain – an increase of 10% compared to 2017. “Digitization is becoming increasingly important in making supply chains more resilient and also more efficient. At the same time, decision-makers are more aware of the growing threat posed by cybercrime,” says Moritz Gborglah, Division Manager and digitalization expert at Hermes Germany, explaining the results.

Security of data and data transfers in the spotlight

Following the results of the survey, data and data transfer are particularly sensitive corporate areas within the digital supply chain that require effective protective measures. Consequently, more than half of the logistics managers surveyed (56%) see a particularly high risk potential in unauthorized access to customer and employee data. For 41% of interviewees, the automated exchange of data with suppliers and partners is particularly vulnerable to possible attacks; for larger companies, this figure is as high as 53%. By contrast, only approximately one-third of respondents consider the use of online payment systems and online retailing (39% each) as well as IT-supported warehousing (32%) to be particularly at risk from potential IT security incidents.

Confidence in own security mechanisms is strong

At 72%, almost three-quarters of the logistics decision-makers surveyed believe that they have the necessary expertise within the company to limit the threats to their IT systems to an acceptable level. The larger the company, the greater the confidence in its in-house defense mechanisms. Three quarters of companies (78%) fall back on internal IT departments for this purpose. Only 7% of respondents, on the other hand, relied on internal cybersecurity experts to optimize IT security. “Exclusively securing the company’s own IT environment is not sufficient within a global supply network,” Gborglah said. “With increasing networking, we recommend that companies also keep an eye on the systems of their cooperation partners. Transparency in the supply chain plays a central role in this context.”

58% of panellists expect to be increasingly affected by security incidents involving cooperating companies. While 48% claim to have comprehensive information regarding the IT security systems and measures of their supplier companies – in 2017, this figure came up to 34% – the latter was only reported by 33% of larger organizations with 250 to 1,000 employees. “Larger organizations are often even more widely interconnected. Thus, being informed about all measures within the network is still a major challenge for companies,” Gborglah states.

Effective technologies and measures to avert risks

For 67% of respondents, securing the company network against data leakage is a top priority. The encryption of network connections and e-mails is considered particularly effective by 57% of participants. Expectations regarding the positive effects of information and training for management and employees have increased: Whereas in 2017 only 25% of decision-makers recognized a high level of effectiveness, today this figure has risen to 42%. Among larger companies employing between 250 and 1,000 people, the figure has even risen from 29 to 67%.

At this point, an active supply chain risk management (SCRM), combined with the use of supply chain management software to ensure transparency in complex supply chains, still plays a subordinate role for the companies surveyed. While 42% of those responsible prioritize the implementation of emergency plans, the figure for the introduction of supply chain risk management (SCRM) stands at 21%. 12% of respondents believe that the use of SCM software helps to increase IT security.

Potential of established practices insufficiently exploited

These figures are surprising, since the design of emergency measures is an important field of action of a holistic SCRM. In addition, smaller companies in particular benefit from the implementation of supply chain risk management, digital monitoring, and software-supported access logging, which are being enabled within the framework of a cloud-based SCM software. “Responsible parties do not seem to be fully aware of the great potential of proven mechanisms and technologies and, as a result, underestimate their effectiveness in terms of improving IT security in the supply chain,” says Moritz Gborglah. Yet, it is precisely such mechanisms and systems that can create transparency and thus lay the foundation for improved IT and data security, the security expert Gborglah is saying.

Download the16th Hermes-Barometer in full length from here.