The impact of an organisation’s security posture on its external partners or customers


Maintaining a strong approach to cybersecurity is critical to the success of any organisation. A robust cybersecurity strategy not only protects the business itself, but it adds another layer of defence to limit the potential impacts any security breaches can have on the wider business network, including partners and customers.

Sophisticated cybercriminals increasingly use unauthorised access to one organisation to compromise and exploit partners and customers that are connected through the wider network. This makes it essential for organisations to ensure that their own security protects both themselves and their partners and customers. They should also conduct due diligence to ensure partners aren’t inadvertently creating vulnerabilities with insufficient cybersecurity measures.

Corne Mare, director, security solutions, Fortinet, said, “Cybercriminals often see smaller partners as an opportunity to infiltrate and exploit larger, more lucrative targets. Increasing interconnectedness means a successful breach of a smaller organisation—with fewer security resources to defend against an attack—can translate into access to larger organisations.”

The increasing connectedness of business networks means organisations are steadily becoming more responsible, even indirectly, for protecting customer and partner networks and information. Any kind of breach or cyberattack will affect an organisation and its networks, leading to financial and reputational impacts.

Executives need to consider the extended impacts on customer and partner trust, shareholder value, and brand reputation that can come from breaches and the exposure of sensitive data. The potential fallout from a cyberattack includes share prices dropping, an increase in customer turnover, and a reduced pipeline as potential customers take their business elsewhere.

Corne Mare said, “There’s an expectation that information will be protected by relevant parties when companies enter into business partnerships. Customers and partners alike may choose to end their relationships if financial and sensitive company information is breached.

“Maintaining a strong security posture can positively affect an organisation’s recovery time in the event of a security breach.

“When looking at Prudential Standard CPS 234, businesses should presume they have already experienced a data breach. They should also consider the effects a data breach will have on business. Leading CISOs are always reassessing their controls, including on relevant third-party access.

“This means organisations should consider the security posture of the companies in their wider business networks to ensure that they aren’t vulnerable to attacks that come through an unsecured partner.”

There is no question that information security is a shared responsibility. But there are steps organisations can take to ensure they present the best defence to protect information. Companies with a strong security posture often share attributes such as conducting regular audits and assessments of vulnerabilities, and providing relevant training for employees.

Furthermore, a strong security posture often comes from having dedicated CISOs and adequate budgets that are strategically invested in necessary technologies. Cybersecurity is increasingly becoming a key topic at board level, especially as companies become more connected.

Having a fundamental understanding of the impacts that an organisation’s security posture can have on customers and partners is critical to any company that is concerned with how it performs both on the stock market and within its industry. Interconnectedness can add significant value to business relationships, but it can also create more shared risk.

Corne Mare said, “It’s important to carry out due diligence with every new business partnership to confirm that any partners are as secure as your organisation. For smaller organisations, it’s also critical that larger partners consider what can be done to help secure shared information and networks.

“It’s crucial that organisations seek to continually improve their security posture to ensure partner and customer trust isn’t misplaced in business relationships. Security must be considered in every business conversation and treated as the highest priority by everyone.”