News Release 

Preventing cyber security attacks lies in strategic, third-party investments, study finds

Companies that want to keep data safe need to strengthen every vendor handling data

American University

Companies interested in protecting themselves and their customers from cyber-attacks need to invest in themselves and the vendors that handle their data, according to new research from American University.

The study, conducted by Jay Simon and Ayman Omar from the university's Kogod School of Business, was accepted for publication by the European Journal of Operation Research. They found that a data breach due to a third-party supplier was more likely to lead to an underinvestment in cybersecurity measures. High-profile third-party data breaches have impacted Target, T-Mobile, and the IRS.

"Companies that want to be the most effective at preventing cyber-attacks need to look at every entity that handles their data," Omar said. "If you have one weak link, the entire operation is compromised. If I'm running a company that has strong cyber security measures in place, but my third-party vendors don't, the company is still at risk."

To mitigate risks, Simon and Omar recommend companies that are typically competitors become allies in strengthening cyber security supply chains.

"It's in the best interest of companies that normally compete with each other to combine investments to make cyber security supply chains better," Omar added.

###

The full paper is available here: https://www.sciencedirect.com/science/article/pii/S037722171930757X.

Disclaimer: AAAS and EurekAlert! are not responsible for the accuracy of news releases posted to EurekAlert! by contributing institutions or for the use of any information through the EurekAlert system.