In April 2024, leaders from some of the world’s largest companies came together in San Antonio, Texas for the Icon Americas conference from apexanalytix.  

Across three days of discussion, they shared insights and explored ideas to help manage the risk of unexpected costs and disruption to their businesses.  

A common concern for many was supplier cyber risk – the impact to a business when one of its vendors comes under attack. In this blog post, we’ll summarize five themes which emerged.  

To learn more about apexanalytix’s Cyber Risk solution, click here. 

Fraud and cyber are front of mind 

Shared experiences of fraud attempts were a theme at Icon Americas 2024. Attendees discussed incidents ranging from spoofed emails to AI voice clones supplier counterparts. With these technologies available, risk management approaches such as phoning to verify changed bank details might not be reliable.  

Attendees discussed that, even if fraud attempts among suppliers did not cost money directly, the resources spent resolving concerns and communicating with suppliers could be better allocated elsewhere. 

Cyber risks were specifically raised in fraud-related sessions for this reason. Attendees were keen to explore how technologies such as apexportal can help to streamline the supplier cyber risk management process for finance teams.  

Data is disconnected – consolidation provides value 

Attendees knew of large organizations who still onboard suppliers over email and manage vendor master data in (one or more) spreadsheets. Aside from being inefficient, it was acknowledged that this approach makes it difficult to benefit from automation and risk management systems. 

Modern technologies allow companies to leverage their vendor data in intelligent ways, enabling risk-aware automations and informed decision making across departments. Disparate information of questionable accuracy reduces the opportunity to utilize technology in this way.  

Consolidating the onboarding process through apexportal can help to solve these issues. Apexportal’s cyber risk management capabilities could alert relevant colleagues when vulnerabilities emerge or suppliers are attacked. Its powerful automations can even pause payment to suppliers where breaches are detected to help reduce the time and expense associated with fraudulent activities. 

Change programmes are an opportunity to bring cyber risks into scope 

Many attendees at Icon Americas 2024 were implementing apexportal. Inevitably, they took the opportunity to share experiences with apexportal’s supplier onboarding, ERP integrations, bank account validation and fraud prevention capabilities. 

A common question asked was how apexportal’s cyber risk management capability can be utilized across the business. Many were particularly interested in automatic payment freezes to potentially compromised suppliers and the ability to monitor suppliers for concerns and incidents which could lead to costs or disruptions. 

Another question was whether supplier cyber risk monitoring capabilities could be implemented independently of apexportal. This is possible for many of features using apexanalytix’s standalone Cyber Risk platform. Attendees were interested to learn that this information could be integrated into apexportal further down the line of implementation.  

It’s not always clear where supplier cyber risk ownership sits 

The attendees of Icon Americas 2024 generally represented large organizations with sophisticated Information Security functions. When discussing cyber risk management, this led to the inevitable question of ownership. 

We regularly find that Information Security teams are stretched. Many have some involvement in supplier cyber risk management but this is often limited to key suppliers or those with access to internal systems. This information may not be accessible to others in the business. 

In organizations with mature InfoSec, Sourcing, Vendor Management and Finance teams; a collaborative approach can be beneficial. A disconnected approach can lead to parallel processes (and costs) or risks not being managed at all.  

Our experience supporting the balance of departmental priorities means that we can engage all stakeholders and help to build workflows which complement the business’s policies and procedures. 

Non-technical teams don’t know where to start 

Even among attendees who understood the risk of fraud and disruption from supplier cyber incidents, concern was raised that cyber risks might be too technical to address. This is understandable – the word cyber makes us think of hackers and code, neither of which are in the standard skillset of a finance professional!    

Through our cyber risk management capabilities, apexanalytix helps to place these risks in the language of non-technical teams, with numerical risk scoring and automated workflows which enable risk-aware decisions in a range of scenarios.  

By understanding your business and stakeholders, we can support in implementing a supplier cyber risk management capability which empowers multiple teams to increase efficiencies while fostering collaboration with subject matter experts – either internally or with our support. 

If you have questions about supplier cyber risk management, speak to our dedicated team. Apexanalytix Cyber Risk is available within the apexportal or as a standalone platform – each available with a bespoke service to enable non-technical teams at scale.