In KPMG's recent UK CEO Outlook Survey, 81% of leaders said that protecting their partner ecosystem and supply chain is just as important as building their own organisation's cyber defences. Given the numerous high-profile supply chain cyber-attacks seen in 2021, this will not come as a surprise.

However, as enterprises continue to prioritise digital transformation, the sharing of data throughout a complex and connected ecosystem of partners and suppliers will only get more convoluted. Already, they have incredibly complex ecosystem structures and may not have clear obligations for establishing adequate controls to protect their partners' data, leaving the entire network vulnerable to cyberattacks.

Furthermore, existing vetting processes for suppliers requires tremendous and perhaps infeasible due diligence by each ecosystem partner. Some existing approaches aren't even fit for purpose.

As a result, many businesses, third-party vendors, and even regulators are under increased pressure to provide continuous assurance over the security of their ecosystems. This is only going to become more challenging as the complexity of the supplier ecosystem increases, and fourth parties, shadow-IT, and a lack of SaaS provider oversight demand more and more attention.