Companies interested in protecting themselves and their customers from cyber-attacks need to invest in themselves and the vendors that handle their data, according to new research from American University.
The study, conducted by Jay Simon and Ayman Omar from the university's Kogod School of Business, was accepted for publication by the European Journal of Operation Research. They found that a data breach due to a third-party supplier was more likely to lead to an underinvestment in cybersecurity measures. High-profile third-party data breaches have impacted Target, T-Mobile, and the IRS.
"Companies that want to be the most effective at preventing cyber-attacks need to look at every entity that handles their data," Omar said. "If you have one weak link, the entire operation is compromised. If I'm running a company that has strong cyber security measures in place, but my third-party vendors don't, the company is still at risk."
To mitigate risks, Simon and Omar recommend companies that are typically competitors become allies in strengthening cyber security supply chains.
"It's in the best interest of companies that normally compete with each other to combine investments to make cyber security supply chains better," Omar added.
More information: Jay Simon et al, Cybersecurity investments in the supply chain: Coordination and a strategic attacker, European Journal of Operational Research (2019). DOI: 10.1016/j.ejor.2019.09.017
Provided by American University