Why we started Risk Ledger
I am the CEO of Risk Ledger, and alongside my CTO and co-founder Dan, we started Risk Ledger to solve one of the biggest problems we see in cybersecurity today - security risks originating in the supply chain. Risk Ledger has a big mission: to significantly reduce the number supply chain data breaches and incidents globally by building the infrastructure to facilitate trust between organisations.
A huge problem with two sides
The Ponemon institute reported that over 60% of organisations have suffered a data breach that originated in the supply chain, and a quick google search throws up many examples of companies being both impacted by supply chain breaches and the fines that inevitably follow. That is a staggering proportion, yet it tallies with my professional experience as a security consultant at Deloitte and KPMG. In those roles, it became clear to me that as supply chains grew ever longer, more global, and more complex, traditional risk assurance methods would no longer be able to offer good visability into the growing risk, let alone be able to mitigate it.
On the other side of the problem, organisations in the supply chain overwhelmingly consist of small to medium-sized enterprises (SMEs) who don't have the security budgets of multinational corporations, nor the large specialist cybersecurity teams of a Big Tech company. The unfortunate truth is that SMEs, who are crucial to global supply chains, are often going to be less resilient to security attacks than larger enterprises. Hiscox's Cyber Readiness Report 2019 shows that 63% of medium sized firms (between 50 and 249 employees) reported a data breach in 2019, and research by Gallagher in 2019 suggested that over 50,000 SMEs in the UK could collapse at the hands of a successful cyber attack.
There had to be a better way than spreadsheets
Dan and I knew there had to be a better way to tackle these twin problems than emailing spreadsheets or digital questionnaires with hundreds of questions back and forth across the globe. During an early discussion, we came up with three objectives that would need to be achieved to make doing business online as safe as possible:
- Give organisations, of any size, complete visibility of their end-to-end supply chain security posture, no matter how large or complex, at an affordable per-supplier cost.
- Transform the output of supply chain security programmes away from paper-based risk reports towards an active cyber solution that can detect, respond to, and help organisations recover from supply chain breaches.
- Provide easy to access and easy to understand support for organisations with fewer security resources to identify and implement the security controls they need to achieve a good, standardised, base level of security.
It was clear to us that achieving these objectives would go a very long way towards achieving our mission of reducing data breaches across supply chains globally and this is what guided us as we started to build Risk Ledger.
Our solution: A secure social network combined with a security management platform
The Risk Ledger platform is built with those three objectives at its core. We have combined a security management platform with a secure social network.
Clients join our platform and can immediately connect with their suppliers, who are already on Risk Ledger, to gain visibility of their security controls through the use of connection requests - akin to a secure social network. Any suppliers who aren't already on the platform can be invited within minutes. This allows large organisations to very quickly and affordably gather, analyse and act on a wealth of meaningful security data from their suppliers.
Our platform then guides suppliers with no security expertise to implement and maintain a security programme with ease - and for free. The affect of this is to increase suppliers' engagement with their own security and reduce the number of security risks lurking in the supply chain. Suppliers only share their security profile with clients if they accept a connection request or join the platform after being invited - giving both clients and suppliers control over the data they share.
We have already helped our initial customers collect supplier data up to 70% faster than they were previously able to and reduced their per-supplier costs by up to 90%.
Our future roadmap is exciting, and has already won us awards from the UK Government's National Cyber Security Centre and industry body TechUK. With our platform exhibiting properties of a social network, we can map out entire supply chain ecosystems and pinpoint macro risks such as single points of failure within a client’s supply chain.
Going forward, our platform will provide integrations with a range of tools such as Crowdstrike, turning Risk Ledger into a Security Information and Event Management (SIEM) solution for the supply chain. We will be able to detect, respond to, and prevent supply chain cyber attacks in real time, moving supply chain security away from the chore that is risk management and into the 21st century.
Risk Ledger will ultimately be the world’s first supply chain security operations centre.
That sounds cool, how can I get involved?
We love to show off our tech. If you want to see more of this new approach to supply chain security, get in touch for a demo by emailing us at firstname.lastname@example.org.
If you like what we are doing, share this blog and our website with your friends who work in procurement and security. Mention that we are building a SOC for the supply chain; I guarantee they will find the concept interesting!
We are already backed by some amazing investors, including Firstminute Capital, Seedcamp, Village Global, and Episode 1 ventures. If you are interested in joining our cap table, let us know by connecting with Dan or myself on LinkedIn, or by emailing email@example.com.
And finally, if you are a developer, supply chain geek, or customer success wizard, consider joining our team by keeping your eyes on our careers page.