Cyber Risk Among Suppliers: A Strategic Priority for Procurement Teams

As a single cyberattack can now paralyze an entire production line, identifying cyber vulnerabilities within your supplier network is no longer optional. It has become a strategic lever, at the intersection of business continuity, compliance, and operational resilience.

Data That Speaks for Itself

Between 2021 and 2023, business disruptions caused by cyberattacks targeting suppliers surged by 45% (source: Gartner). This sharp increase highlights the growing vulnerability of supply chains to cyber threats. In response, companies have adapted their strategies: budgets allocated to third-party cyber risk management (TPCRM) have increased by 65% over the same period. This trend reflects a growing awareness: cyber risk has become systemic.

In fact, 42% of procurement departments now rank cyber risk as the second major threat by 2025, according to the AgileBuyer CAN study. Cyber is no longer just a concern for CIOs or CISOs—it has become a cross-functional issue involving operational teams as well.

The economic impact is equally revealing: in 2024, cyberattacks cost France nearly €130 billion. A significant portion of these attacks infiltrated through less secure third parties, often beyond the direct perimeter of the company’s IT systems. This underscores the urgent need to improve visibility and control of cyber risks across external partners.

Cyber Maturity: A Key Indicator in Third-Party Risk Management

Assessing the cybersecurity maturity of suppliers is becoming a cornerstone of third-party risk management. This involves analyzing their security posture, level of preparedness, ability to detect and respond to incidents, and compliance with standards such as ISO 27001 or the upcoming NIS2.

The goal isn’t to exclude, but rather to better understand, support, and prioritize. It enables organizations to map risk levels, prepare contingency or continuity plans, and anticipate critical disruptions if a partner fails.

Integrated within a TPCRM (Third-Party Cyber Risk Management) framework, this approach takes on a new dimension: automated follow-ups, dynamic analysis of weak signals, risk heatmaps, and alignment of evaluations with business priorities. Far from being a burden, TPCRM becomes an accelerator of collective resilience.

For Procurement: A New Lever for Security and Strategic Oversight

The role of procurement is evolving. It’s no longer just about ensuring economic performance, but also about securing the supply chain against external threats. By incorporating cyber risk into supplier evaluations, procurement gains control, agility, and credibility with both internal and external stakeholders.

This shift also requires strong collaboration across Procurement, IT Security, Compliance, and Executive Management. Together, they develop a shared, guided, and business-aligned cybersecurity strategy.

Cybersecurity no longer stops at the company’s perimeter. It extends to every link in the value chain. In an interconnected world, your weakest link could be your biggest vulnerability.

That’s why implementing a structured approach to managing cyber risk among third parties is no longer a best practice—it’s a necessity. The sooner vulnerabilities are identified, the better you can protect your operations, your clients, and your reputation.