How often does procurement include cyber risk assessment requirements in their engagement requests?
Always: 20%
Often: 40%
Sometimes: 24%
Rarely: 12%
Never: 1%
Not sure
427 participants
It depends on the size of the business. In my experience, most publicly listed companies' procurement teams will have this requirement as part of the due diligence in the vendor onboarding process.
For private companies, it is the size and agility of the business that matter the most.
Another driver for this requirement comes from the regulatory compliance side, and that too depends on which sector the company is operating in.