Kocho, the UK-based provider of cyber security, identity, cloud transformation, and managed services, has announced the results of a survey assessing the cyber resilience of UK businesses’ digital supply chains.
While most of the respondents were either totally confident (71%) or moderately confident (29%) that their Managed Service Provider (MSP) could continue to deliver services in the event of a major attack, 97 per cent had suffered unscheduled downtime in the previous year, with 88 per cent of these incidents connected to the cyber-related activity.
Conducted by Vanson Bourne in October 2022, the online survey polled 200 UK senior business and technology professionals at mid-sized businesses employing between 500 and 3,000 people. All these businesses were from finance and insurance, private healthcare, legal or manufacturing verticals and rely on MSPs to run at least some of their IT. Slightly over half (51%) stated their operations would be severely impacted by a disruption to their MSP’s service, while 15 per cent said they would be left unable to operate. Approximately one-quarter (26%) said they would be partially impacted.
Six in ten (60%) respondents stated that cyber security procedures were a top priority in their decision-making process when their organisation selected its MSP, with a further 34 per cent stating that they were a major part of the decision-making process. Despite this priority, many businesses failed to ask fundamental security-related questions at this initial tender stage.
Only 40 per cent of businesses stipulated their MSP should be Cyber Essentials certified, even though this is the UK Government-backed scheme designed to protect all organisations against a range of threats. Just 38 per cent asked if the MSP was fully GDPR compliant, while only 37 percent stipulated that two-factor authentication must be deployed. Fewer still (35%) asked if an incident response policy was in place and only 56 per cent of organisations undertook third-party audits to verify or test MSP defences.
Jacques Fourie, Director of Information Security, Kocho said, “overall, UK businesses are very trusting of their MSPs’ abilities to withstand attacks and have considerable confidence in their digital supply chains. However, this research does also suggest that at least some of this confidence might be misplaced. When selecting an MSP, businesses don’t always ask enough tough questions; this could leave them vulnerable. Organisations may think that by passing the management of their IT to a third party, they no longer need to worry about security, but that’s simply not the case – we can see from this research that any MSP outage could hit businesses hard.”