Management Consulting
Aon
Full Credential Description
Schneider Electric faced significant challenges in managing cyber risks due to its extensive digital transformation and sustainability ambitions. The company operates across five continents and over 100 countries, with a complex supply chain involving more than 50,000 unique providers. This vast digital footprint increased the potential for cyber attacks, particularly as the landscape evolved with technological advancements and shifting political and financial incentives. Schneider Electric recognized that 60% of companies had experienced a breach in the past two years, with 74% of these breaches stemming from third-party vulnerabilities, underscoring the critical need for robust cybersecurity measures.

To address these challenges, Schneider Electric implemented a comprehensive, risk-based approach to manage cybersecurity risks from third parties. This involved segmenting suppliers into various risk categories—critical, high, medium, etc.—based on their business strategy, value proposition, and risk exposure. The company established a supplier security management policy that applies high-level controls to all suppliers, regardless of sector. Additionally, Schneider Electric mandated that all suppliers sign cybersecurity addendums based on their evaluated risk profiles. The program also includes ongoing monitoring through external risk rating services, regular audits, and threat intelligence, including monitoring the dark web for potential threats to its supply chain.

As a result of these tailored solutions, Schneider Electric has enhanced its cybersecurity posture significantly. The company has fostered a culture of transparency regarding supplier vulnerabilities and incidents, ensuring that cybersecurity remains a priority in supplier interactions. This proactive approach not only mitigates risks but also strengthens relationships with suppliers and customers, ultimately enhancing Schneider Electric's resilience against cyber threats. The ongoing evolution of its cybersecurity program, which has matured over more than a decade, positions Schneider Electric to adapt to emerging threats and maintain compliance with complex regulations across its global operations.