CESIN and Board of Cyber unveil the 2024 Observatory on Cyber Risks Linked to Suppliers

This second edition surveyed more than 100 cybersecurity leaders, members of CESIN, from organizations of all sizes and sectors, about how they manage supplier-related cyber risk — methods, tools, challenges — as well as their new expectations in light of the growing impact of new regulations.

After a 2023 edition that demonstrated genuine awareness within organizations, the 2024 edition reveals that nearly 90% of decision-makers surveyed acknowledge this risk as “very important” or “important.” However, two-thirds report assessing fewer than 50 suppliers per year. The new NIS2 and DORA regulations, which will come into effect in the coming weeks, call for a more comprehensive approach to this risk. For 53.4% of organizations, these new regulatory frameworks will lead them to modify their supplier risk management approach within the next twelve months — a slightly higher figure than in 2023 (52%).