Research on cyber security in supplier management and procurement
The government is carrying out research on cyber security in supplier management and procurement.
Details
The Department for Science, Innovation and Technology (DSIT) has commissioned Ipsos UK to carry out research to better understand how UK private-sector organisations of different sizes manage cyber security risks in their supply chains. This research is part of DSIT’s ongoing work to strengthen the security and resilience of the UK economy by supporting organisations to protect themselves, their supply chains, and their customers from cyber threats.
What is this research about?
The research focuses on the practices, challenges, and needs of professionals responsible for procurement, supplier management, and third-party risk management in private sector organisations. This includes understanding organisations’ ability and motivations for (or barriers to) engaging with and using DSIT/NCSC policy as supply chain tools, such as the Global Standard on AI Cyber Security, the Software Security Code of Practice, Cyber Essentials, the Cyber Governance Code of Practice, and the Enterprise Device Principles. Specifically, this research aims to:
- profile the roles and responsibilities of those managing technology procurement and supplier relationships
- identify barriers and information gaps that make it difficult to enforce cyber security requirements with suppliers
- explore the tools, guidance, and support that would help organisations demand better cyber security from their suppliers
- inform the development of practical resources and guidance for businesses, including a supplier management handbook
Who is being invited to take part?
Ipsos UK is inviting senior professionals involved in procurement, supplier management, or third-party risk management to participate in this research. Participants may be asked to complete a survey and/or take part in an interview. The survey is designed for those with decision-making responsibility for choosing, managing, or monitoring external suppliers or contractors, and covers a range of sectors and organisation sizes.
How will the research be used?
Findings from this research will help DSIT develop tools and guidance to support businesses in embedding good cyber security practices within their supply chains. The results will be reported in aggregate and will not identify individual participants or organisations.
Your privacy
Participation in this research is voluntary. All responses will be treated in confidence and in line with data protection legislation. Ipsos UK will not share any information that could identify you or your business with DSIT or any other party. For more information on how your data will be used, please see Ipsos UK’s Privacy Notice attached above.