Few organisations check their managed service providers

According to the National Cyber Security Centre (“NCSC”), a third of charities are using at least one managed service provider, but only 13% reviewed the risks posed by immediate suppliers.

That raises a couple of questions:

  • Are two thirds of charities really not using any managed service providers for cloud CRM, cloud storage, hoisted email, etc?
  • Of those that do, why are they not checking the risks which should be done as part of the RoPA / Information Audit?

You can see the full NCSC article at https://www.gov.uk/government/news/businesses-urged-to-boost-cyber-standards-as-new-data-reveals-nearly-a-third-of-firms-suffering-cyber-attacks-hit-every-week and why not check your RoPA / Information Audit is up-to-date now?