“Are you certified?” may become the most used phrase in business this year.
DTS CEO, Edward Tuorinsky, shares his insights with Intelligent CXO, on a pivotal growth opportunity for businesses in 2025: cybersecurity compliance and supply chain risk management (C-SCRM). As the regulatory landscape evolves and cybersecurity threats grow, businesses must adapt to protect their operations and partnerships. Edward discusses why “Are you certified?” will become a crucial question for businesses this year and how Federal mandates like CMMC are reshaping the cybersecurity landscape.
“Are you certified?” may become the most used phrase in business this year. I predict cybersecurity compliance will be a significant growth opportunity for 2025, specifically cybersecurity supply chain risk management (C-SCRM).
Assessing and managing the cybersecurity risk of all partners with whom you share data connections is an important part of each company’s security posture. Bad actors prey on the weakest link, often smaller companies, intending to gain access to a bigger, more lucrative company’s system.
Believe it or not, C-SCRM is trending because of the US Government’s Department of Defence (DoD). After years of cyberattacks, breaches and viruses, programs across the Federal government are helping secure the country’s critical infrastructure by establishing baseline cybersecurity standards for contractors, but with wide-ranging implications.
The DoD’s Cybersecurity Maturity Model Certification (CMMC) requires all 200,000+ contractors to prove that they meet minimum cybersecurity standards to qualify for new or renewing contracts. As mandates trickle down, thousands of subcontractors, vendors and suppliers to these companies will need proof of their security compliance, too.
Federal mandates for contractors represent a significant area for growth for commercial markets. Companies may find their supply chains are demanding that they invest in cybersecurity that meets national standards and documentation or certification audits that prove their security.
Companies with long-standing or niche supply chains have been reluctant to cut ties with a partner or supplier over cybersecurity, but I think we’ll see that change this year. Risk is a powerful motivator, and vetting your supply chain is one of the most cost-effective cybersecurity moves companies can make. While cyberdefences can barely keep up with evolving threats, supply chain security bolsters the entire ecosystem.
What will it mean to vet your supply chain? Asking for proof that the company has controls in place and is following policies and procedures to protect people, data and systems. With non-disclosures in place, we’ll see companies asking for System Security Plans and third-partycertifications like ISO, SOC or CMMC. We’ll also hear about organisations cutting ties with those who don’t have the documentation or aren’t up to standards.
Cybersecurity wasn’t part of the conversation with partners and vendors five years ago. Today, the regulatory environment and the need to secure the country’s critical infrastructure have made it an imperative. Look for cybersecurity to be a major area for growth in 2025.
Read the full article here: Intelligent CXO: Editor’s Question – What Challenges and Growth Opportunities Do You Predict for Businesses in 2025?