Executive Summary
There is a crying need for companies to enlist their purchasing departments in the fight against cyberattackers. According to our research, over 60% of reported cyberattacks on publicly traded U.S. firms in 2017 were launched through the IT systems of suppliers or other third parties such as contractors, up from less than one-quarter of attacks in 2010. A number of the high-profile attacks on large companies — including Equifax, Netflix, Best Buy, and Target — occurred this way. To mitigate this type of risk, firms should embed cybersecurity…