Infosec Cloud
Solutions. Services. Training.

The 'chat' from the cloud

Keep up-to-date with the latest trends, hints and tips on cloud-based security

SMEs with weak security excluded from bids

Date: Jun 1, 2016

Category: Blog

A recent survey by KPMG has found that SMEs are at risk of being excluded from bidding for work because they place too little importance on looking after their valuable client data.

This multi-sector survey of 175 procurement managers across the UK, all from organisations with over 250 employees, revealed that the general consensus (70%) among procurement managers is that SMEs should be doing more to prevent cyber attacks and protect valuable client data.

The vast majority (86%) of respondents said they would consider removing an SME supplier if they were hacked and nearly all of the respondents (94%) confirmed that cyber security standards are important when awarding contracts to SME suppliers.

Two-thirds of procurement managers ask their suppliers to demonstrate cyber accreditations, such as the UK Government’s Cyber Essentials or the credit card industry’s PCI DSS scheme. SMEs are increasingly being asked to self-fund their own accreditations.

End User Security Awareness Training is an important and highly effective first step that SMEs can put in place immediately.

Companies are also embedding cyber security in their supplier contracts, with about half (47 per cent) of existing contracts already stating that suppliers are contractually obliged to report if they have been hacked.

UK companies have good business reasons to be concerned about the security practices of their suppliers.

Last year’s Target breach was likely to have been initiated through FSM, a heating, ventilation and air conditioning contractor that was connected to Target’s systems to provide electronic billing services, contract submissions and project management services. FSM was the subject of an attack in which hackers stole the credentials required to breach Target.

Infosec Cloud is working with organisations of all sizes to provide cost-effective, measurable End User Security Awareness Training.