October 23, 2018

October 22, 2018

Subscribe to Latest Legal News and Analysis

Do You Have A Weak Link In Your Supply Chain?

Nausicaa Delfas, Executive Director and Chief Operating Officer at the Financial Conduct Authority (UK) recently presented a speech at the Cyber Security Summit and Expo 2017 in London.

During her speech, Ms Delfas cited an issue that often comes up in her conversations with firms, business people or leaders – how to manage risk that ‘lies beneath the surface’.

It is fair to say that businesses often focus on assessing the cyber risks or threats to its critical infrastructure, without considering its supply chain and third party supplier risks.

Ms Delfas pointed out that when a business engages a supplier or partner, it also adopts its risk profile.  Ms Delfas recommended businesses ask two key questions:

  • What assurances do we have that our suppliers and extended supply chains are secure, and can be trusted with our information?

  • Are we consuming the services in a secure way?

A number of major companies have suffered a data breach due to a weak link in its supply chain. Our readers may recall the US retailer Target suffered one of the largest data breaches in recent times, due to a breach via its supplier that maintained its air conditioning systems.

Ms Delfas’ two questions are definitely worth taking on board and considered before engaging any third party supplier. On the flip side, if you are a supplier, start to expect your smart customers to come knocking and asking some pointed questions about your privacy and information security practices. 

Copyright 2018 K & L Gates


About this Author

Cameron Abbott, Technology, Attorney, Australia, corporate, KL Gates Law Firm

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurements issues including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market leading solutions are implemented in to their businesses. He concentrates on managing and negotiating complex technology solutions, which...

Keely O'Dowd, K&L Gates, attorney, Melbourne

Ms. O'Dowd is an experienced lawyer with a focus on technology and sourcing projects. She advises on a broad range of technology transactions, including procurement, outsourcing and software licensing. This work includes drafting and advising on a range of IT procurement and supply agreements. Ms. O'Dowd advises a range of corporations on privacy and cybersecurity.