This week I will attend several meetings regarding cybersecurity in the supply chain.
What I will suggest is integrating supply-chain audits and cyber security requirements from procurement to operation for enhanced cyber resilience.
By defining upfront requirements and regular supplier reviews, understanding the supply chain's cyber security posture becomes clearer and collaborative actions can mitigate vulnerabilities effectively.
As regulations like NIS2 approach, industrial companies, especially those providing essential services in the EU, must proactively address cyber security.
NIS2 introduces stricter requirements, top management accountability, and streamlined reporting, urging businesses to tackle supply-chain cyber security risks.
Coordinated risk assessments with EU collaboration are emphasized, with NIS2 in effect since January 2023 and compliance deadlines approaching by mid-2024.
Several polls reveal a learning curve, with 21% having moderate or advanced familiarity with NIS2. For 34%, implementing NIS2 positively impacts cyber security resource allocation.
The European Commission anticipates a potential 22% increase in ICT security spending in the first few years after NIS2 introduction.
Industrial businesses are increasing investments in cyber security due to the growing complexity of cyber threats. Strengthening cyber security in the industrial supply chain is essential, especially with the potential for tighter regulations driving companies to prioritize supply-chain cyber security.
As cyber threats to industrial facilities, such as power grids and fuel pipelines, become more frequent and sophisticated, the need to secure operational technology (OT) is critical.
The 2023 X-Force Threat Intelligence Index reveals manufacturing as the most targeted industry in 2022, with other sectors like energy and transport also ranking in the Top 10.
Recognizing that cyber security is integral to digitalization and automation, company boards and C-suites are acknowledging the significance of safeguarding life, property, and the environment in industrial operations.
Despite this awareness, many OT security professionals express concern about their organizations' vulnerability due to insufficient knowledge of third-party security practices and the inability to manage cyber risks across the external OT supply chain.