ICAEW.com works better with JavaScript enabled.

Supply chain cyber security series

Author: ICAEW Tech

Published: 22 Sep 2022

Your business is only as secure as its weakest link. Watch this series to understand and manage supply chain cyber security risk.

Supply chain cyber-attacks are becoming more prevalent as the use of vendor supplied software and hardware, and the outsourcing of business processes increases. They are of growing concern due to the significant impact an attack can have not only on the supplier themselves but on the entire ecosystem of businesses that use a supplier’s products or services.

In this series will look at some of the foundational elements of understanding and managing supply chain cyber security risk, providing practical guidance and considering potential solutions to commonly faced challenges.

Introduction - Why focus on supply chain cyber security

This introductory session will look at the impact of your supply chain on your overall business cyber security posture. It will discuss the expectations and responsibilities of accountants in managing supply chain cyber risk and will walk through examples of recent breaches and best practice for maintaining a secure supply chain. It will provide a high level “lay of the land” of the topic leading on to the next sessions that will focus on specific aspects of supply chain cyber security.

First broadcast on 28 September 2022

Webinar resources

Understanding the risk your supply chain poses to you 

In this first “deep dive” session we will discuss practical guidance on how to assess your supply chain cyber security risk including identifying the range of suppliers supporting your business, assessing those that are most critical and how to design and implement a supply chain cyber security risk management programme. We will explore some of the challenges in getting visibility into the supply chain and the ways in which this can be achieved.

First broadcast on 05 October 2022

Webinar resources

Embedding security in agreements

What cyber security requirements should you be looking to embed in contracts? And how much power do you have as a small business to stipulate requirements in supplier contracts? This session will explain what a good contract looks like from a cyber security perspective and will explore some of the challenges in embedding security requirements in contracts and how they can be addressed. 

First broadcast on 12 October 2022

Webinar resources

Managing a supplier assessment and oversight programme

Gaining assurance over the effectiveness of your suppliers’ cyber security arrangements is key. There are various ways to do this, and this session will look at what a good assessment programme looks like, and how to design and implement one for the entire supplier lifecycle (i.e. from onboarding, through to ongoing assessment and offboarding). It will also explore the challenge of limitation of resources and how this can be overcome.

First broadcast on 19 October 2022


Be Prepared – Responding to a supply chain cyber security breach

Cyber security breaches are rarely expected, and they can happen to the least likely of businesses. Effective recovery requires preparation and in this final “deep-dive” session, we will hear from two small accounting practices on their experience of a supply chain cyber security breach. They will discuss the ways in which the breaches were conducted and share their insights on the often-forgotten human side of breaches and lessons learned.


Ask the experts – Q&A with our speakers to wrap up the series

In this final session, we will briefly recap on the key points from the series and provide an opportunity for attendees to ask any questions which have not been covered off in the previous session. The session will also provide guidance for attendees going forward on where to get additional information, resources and support on the topic.

First broadcast on 02 November 2022


This webinar has been recorded with closed captions enabled. Please note that the transcript is automatically generated and errors may occur.