Kocho Research Suggests UK Businesses Are Overconfident When It Comes to Digital Supply Chain Security

Organisations trust their MSPs, yet fail to ask them basic cyber security-related questions and admit to suffering unscheduled downtime

Kocho, the UK-based provider of cyber security, identity, cloud transformation and managed services, announced the results of a survey assessing the cyber resilience of UK businesses’ digital supply chains. While virtually all of the respondents were either totally confident (71 percent) or moderately confident (29 percent) that their Managed Service Provider (MSP) could continue to deliver services in the event of a major attack, 97 percent had suffered unscheduled downtime in the previous year, with 88 percent of these incidents connected to cyber-related activity.

Conducted by Vanson Bourne in October 2022, the online survey polled 200 UK senior business and technology professionals at mid-sized businesses employing between 500 and 3,000 people. All of these businesses were from finance and insurance, private healthcare, legal or manufacturing verticals and rely on MSPs to run at least some of their IT. Slightly over half (51 percent) stated their operations would be severely impacted by a disruption to their MSP’s service, while 15 percent said they would be left unable to operate. Approximately one quarter (26 percent) said they would be partially impacted.

Read More: Quantiphi Wins Inc.’S 2022 Best In Business Award In The Established Excellence Category

 

“On the whole, UK businesses are very trusting of their MSPs’ abilities to withstand attacks and have considerable confidence in their digital supply chains. However, this research does also suggest that at least some of this confidence might be misplaced”

Six in ten (60 percent) respondents stated that cyber security procedures were a top priority in their decision-making process when their organisation selected its MSP, with a further 34 percent stating that they were a major part of the decision-making process. Despite this priority, many businesses failed to ask fundamental security-related questions at this initial tender stage.

Read More: SalesTechStar Interview with Jeannine Shao Collins, Chief Client Officer at Kargo

Only 40 percent of businesses stipulated their MSP should be Cyber Essentials certified, even though this is the UK Government-backed scheme designed to protect all organisations against a range of threats. Just 38 percent asked if the MSP was fully GDPR compliant, while only 37 percent stipulated two factor authentication must be deployed. Fewer still (35 percent) asked if an incident response policy was in place and only 56 percent of organisations undertook third party audits to verify or test MSP defences.

“On the whole, UK businesses are very trusting of their MSPs’ abilities to withstand attacks and have considerable confidence in their digital supply chains. However, this research does also suggest that at least some of this confidence might be misplaced,” said Jacques Fourie, Director of Information Security, Kocho. “When selecting an MSP, businesses don’t always ask enough tough questions; this could leave them vulnerable. Organisations may think that by passing the management of their IT to a third-party, they no longer need to worry about security, but that’s simply not the case – we can see from this research that any MSP outage could hit businesses hard.”

Write in to psen@itechseries.com to learn more about our exclusive editorial packages and programs.

business and technology professionalsCloud TransformationCyber Resiliencecyber securityDigital Supply Chain SecurityDigital Supply ChainsidentityKochomanaged servicesMSP defencesNewsonline surveyOverconfidentResearchuk businessesunscheduled downtime