Logistics and Supply Chain Technology Report 2021

中国电信（欧洲）有限公司 C h i n a T e l e c o m ( E u r o p e ) L t d .

With many arguing for more robust data breach laws region, companies looking to lead the charge in cybersecurity will have to change their reporting models to account for report any unauthorised access to the system, irrespective of whether data had been accessed or stolen in order to allay concerns. Consumer trust is easier and better built in the open. Secrecy over vulnerabilities and breaches can breed distrust among consumers when they eventually come to light, highlighting flaws in data management practices as well as trust that data controllers will have to work to remedy via their active engagement with customer concerns. Publishing the results of regular security audits would also go some way to assuaging fears.

Does your organisation provide enough training on cybersecurity threats for employees?

All Respondents

However, whilst data security was factored into strategy, proper protocols for training employees seemed to be lacking. On average our respondents found their organisations to be middling on cybersecurity training. Across businesses we surveyed the average score was 5/10, far too low given the growing threat posed by malicious actors and the rise of ransomware-as-a-service (RaaS) models providing more and more opportunities for attacks. To some extent, this lack of training may be offset by adopting other practices, though minimising friction for untrained users whilst also providing robust risk-adaptive security practices is a difficult thing to balance. Single-sign on (SSO) coupled with a multi-factor authentication (MFA) process are popular models for secure access. Indeed, MFA experiences, though perhaps perceived as finicky and time-consuming may actually provide greater comfort to potential customers concerned about access to their data. Businesses might choose to work with solutions providers to design an authentication flow that only low-level authentication suitable for low-risk actions, and greater authentication only required when necessary to avoid frustration for the end-user.