Survey Results: Cybersecurity and the Supply Chain

We asked nearly 200 industry professionals about cybersecurity regulations and their effect on relationships with clients and vendors. Here’s what they said.

Q1: To which information security regulations is your company subject?

FERPA 12.0%
FISMA 10.7%
GDPR 17.3%
GLBA 10.7%
HIPAA 32.7%
NIST 12.0%
PCI-DSS 28.7%
SOC 10.7%
None 8.0%
I’m not sure 40.0%
Other 6.0%

Q2: In the last 24 months, has a client or vendor requested or required that your company provide documentation on information security plans, processes, business agreements or certifications?

Yes 39.8%
No 48.8%
I’m not sure 11.5%

Q3: What was your company asked to provide?

Third-party / independent audit results 42.9%
Internal audit results 39.7%
Formal / legal confirmation of compliance 33.3%
Informal confirmation of compliance 47.6%
Security questionnaire 76.2%
I’m not sure 6.4%
Other 4.8%

Q4: Has your company provided all the requested items?

Yes 83.9%
No 6.5%
I’m not sure 9.7%

Q5: Does your company intend to provide all the requested items?

We intend to provide all of the items 27.3%
We intend to provide some of the items 27.3%
We do not intend to provide any of the items 9.1%
I’m not sure 36.4%

Q6: Why is your company not going to provide all the requested items?

Too expensive 0.0%
Too time consuming 50.0%
Too complicated 25.0%
Lack of compliance 25.0%
Business relationship is not important enough 0.0%
I’m not sure 25.0%
Other (please specify) 50.0%

Q7: On a scale of 1-5, how important is your company’s information security?

(1) Not at all important 0.7%
(2) 0.7%
(3) Somewhat Important 7.4%
(4) 21.5%
(5) Critically Important 69.8%

Q8: Why is your company’s information security important?

Regulations require it 53.2%
Vendors require it 21.8%
Clients require it 59.6%
Protection of the information your company holds 84.0%
Protection of your company’s brand 52.6%
Protection of your clients’ and customers’ brand 50.0%
It is not important 2.6%
Other 1.9%

Q9: To which information security regulations are your clients or vendors subject?

Family Educational Rights and Privacy Act (FERPA) 12.0%
Federal Information Security Management Act of 2002 (FISMA) 10.7%
General Data Protection Regulation (GDPR) 17.3%
Gramm Leach Bliley Act (GLBA) 10.7%
Healthcare Insurance Portability and Accountability Act (HIPAA) 32.7%
National Institute of Standards and Technology (NIST) 12.0%
Payment Card Industry Data Security Standard (PCI-DSS) 28.7%
Service Organizational Control (SOC) 10.7%
None 8.0%
I’m not sure 40.0%
Other 6.0%

Q10: In the last 24 months, has your company requested or required that a client or vendor provide documentation on their information security plans, processes, business agreements or certifications?

Yes 34.0%
No 50.0%
I’m not sure 16.0%

Q11: What did your company ask them to provide?

Third-party / independent audit results 37.5%
Internal audit results 27.1%
Formal / legal confirmation of compliance 56.3%
Informal confirmation of compliance 50.0%
Security questionnaire 41.7%
I’m not sure 4.2%
Other 0.0%

Q12: Have they provided all the requested items?

Yes 89.8%
No 6.1%
I’m not sure 4.1%

Q13: Are you expecting them to provide all the requested items?

We expect them to provide all of the items 20.0%
We expect them to provide some of the items 60.0%
We do not expect them to provide any of the items 20.0%
I’m not sure 0.0%

Q14: Why are you not expecting them to provide all the requested items?

Too expensive 25.0%
Too time consuming 0.0%
Too complicated 25.0%
Lack of compliance 75.0%
Business relationship is not important enough 0.0%
I’m not sure 0.0%
Other (please specify) 25.0%

Q15: On a scale of 1-5, how important is your clients’ and vendors’ information security?

(1) Not at all important 2.2%
(2) 2.2%
(3) Somewhat Important 10.1%
(4) 18.8%
(5) Critically Important 66.7%

Q16: Why is your clients’ and vendors’ information security important?

Regulations require it 51.8%
Vendors require it 31.4%
Clients require it 56.9%
Protection of the information the companies hold 66.4%
Protection of your company’s brand 46.0%
Protection of your clients’ and vendors’ brand 48.9%
It is not important 5.8%
Other (please specify) 3.7%

Q17: Which most closely describes the industry in which you work?

Banking / Finance 5.9%
Consulting 5.4%
Education 7.0%
Government 4.3%
Healthcare 11.8%
Hospitality 1.6%
Legal 11.3%
Manufacturing 8.1%
Non-profit 5.9%
Real Estate / Construction 7.5%
Retail 1.6%
Technology / Telecommunications 21.0%
Utilities 1.6%
Other 7.0%

Q18: Which most closely describes your job function?

Accounting / Finance 5.4%
Administration 19.0%
Business Owner 16.3%
Customer Service 1.1%
HR 1.1%
IT 29.4%
Legal 4.4%
Operations 20.7%
Sales / Marketing 2.7%
Other (please specify) 0.0%

Q19: Which most closely describes your job level?

Staff 17.5%
Management 28.4%
Senior Management 22.4%
Executive Management 31.7%

Q20: How many employees does your company have?

1-50 48.4%
51-500 29.0%
501-1,000 10.8%
1,001-10,000 7.5%
10,001+ 4.3%
