The data snapshot "The State of Cyber Security in Public Sector Supply Chains: Security Governance" reviewed all the security controls of suppliers to the public sector on the Risk Ledger platform and identified some of the most common weaknesses within the Security Governance domain.
Security governance is the setting of policies, processes, responsibilities and structures that provide the framework for an organisation to achieve its security objectives. Good governance coordinates the security activities of an organisation to ensure all relevant risks are being managed and the flow of information facilitates good decision making. For professionals concerned with managing third-party risks, good security governance in the supply chain is foundational to cyber resilience. A comprehensive, joined-up security governance regime is a strong indicator of a third party that takes securing itself, and protecting its clients, seriously.
This brief snapshot looks at how security governance controls are applied by suppliers to the UK public sector, based on their answers and evidence provided to the 25 control questions asked under the Security Governance section of Risk Ledger’s standardised assessment framework. In this snapshot we want to draw attention to some notable shortcomings that public sector bodies and their suppliers are working on resolving collaboratively on the Risk Ledger platform.