Preventing cyber security attacks lies in strategic, third-party investments, study finds

cyber crime
Credit: CC0 Public Domain

Companies interested in protecting themselves and their customers from cyber-attacks need to invest in themselves and the vendors that handle their data, according to new research from American University.

The study, conducted by Jay Simon and Ayman Omar from the university's Kogod School of Business, was accepted for publication by the European Journal of Operation Research. They found that a due to a third-party supplier was more likely to lead to an underinvestment in cybersecurity measures. High-profile third-party data breaches have impacted Target, T-Mobile, and the IRS.

"Companies that want to be the most effective at preventing need to look at every entity that handles their data," Omar said. "If you have one weak link, the entire operation is compromised. If I'm running a company that has strong cyber security measures in place, but my third-party vendors don't, the company is still at risk."

To mitigate risks, Simon and Omar recommend companies that are typically competitors become allies in strengthening cyber security supply chains.

"It's in the best interest of companies that normally compete with each other to combine investments to make cyber supply chains better," Omar added.

More information: Jay Simon et al, Cybersecurity investments in the supply chain: Coordination and a strategic attacker, European Journal of Operational Research (2019). DOI: 10.1016/j.ejor.2019.09.017

Citation: Preventing cyber security attacks lies in strategic, third-party investments, study finds (2019, October 21) retrieved 27 May 2024 from
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Singapore ranks first as launchpad for global cyber attacks


Feedback to editors