Performing a Security Risk Assessment: Lessons from the DeepSeek Case



The recent DeepSeek case highlights a growing challenge: businesses must assess security risks before selecting suppliers, partners, or technology providers. Whether it’s an AI tool, a cloud service, or a logistics partner, failing to conduct a proper security risk assessment can expose organizations to cyber, physical, and hybrid threats.

Security risks today extend beyond technical vulnerabilities—threat actors, including state-affiliated groups, cybercriminals, and insider threats, exploit weak links in supply chains. Here’s a brief overview of how to perform a structured security risk assessment to reduce exposure.


Key Steps in a Security Risk Assessment

1. Define Scope and Critical Assets

  • Identify what systems, data, and operations the supplier will access.
  • Assess the impact of a potential compromise on business continuity, customer data, or intellectual property.
  • Consider indirect exposure—is the supplier a target due to its role in critical services?

2. Map the Threat Landscape

  • Identify who might have an interest in targeting this supplier.
  • Investigate ties to high-risk jurisdictions or state-affiliated entities.
  • Review past incidents—has this supplier or similar vendors been targeted before?

3. Assess Supplier Security Maturity

  • Does the supplier follow strong cybersecurity practices?
  • Are their security policies transparent and aligned with industry standards?
  • Do they comply with relevant regulations, such as NIS2?

4. Evaluate Hybrid Threat Exposure

  • Could the supplier be targeted by both cyber and physical attacks?
  • Are there risks from insider threats, economic coercion, or geopolitical tensions?
  • Could an attack on you be a stepping stone to the supplier—or vice versa?

5. Make Informed Decisions

  • Can risks be mitigated through contract clauses, monitoring, or technical controls?
  • Is the supplier worth the risk, or should alternatives be considered?
  • Establish a process for continuous risk monitoring—a one-time assessment is not enough.
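The five steps above can be captured as a scored risk register, so that the decision in step 5 is traceable to the findings from steps 1 to 4 and the assessment carries a review date rather than ending once a score is produced. The following Python example is added here and is not part of the original post or of any OpenHorizon product; the scoring weights, decision thresholds, review intervals, the supplier "ExampleAI Ltd" and all of its findings are constructed assumptions for illustration only.

```python
"""Supplier security risk assessment as a scored register (illustrative example)."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional


# Step 1: scope. One entry per system or data set the supplier can reach.
@dataclass
class Asset:
    name: str
    impact: int  # 1 (negligible) .. 5 (business-critical) if compromised


# Steps 2 and 4: threat landscape and hybrid exposure, used as likelihood drivers.
@dataclass
class ThreatProfile:
    interested_actors: List[str]      # who would have an interest in this supplier
    high_risk_jurisdiction: bool      # ties to high-risk jurisdictions or state entities
    prior_incidents: int              # known past incidents at this or similar vendors
    physical_exposure: bool           # could cyber and physical attacks be combined
    insider_or_coercion_risk: bool    # insider threat, economic or geopolitical pressure


# Step 3: maturity. Share of the controls you expect that the supplier evidenced.
@dataclass
class MaturityReview:
    controls_expected: int
    controls_evidenced: int

    def coverage(self) -> float:
        if self.controls_expected == 0:
            return 0.0
        return self.controls_evidenced / self.controls_expected


# Step 5: mitigations either lower likelihood (monitoring, contract clauses,
# technical controls) or cap impact (restricting what the supplier may access).
@dataclass
class Mitigation:
    description: str
    likelihood_factor: float = 1.0    # multiply likelihood by this (0.7 = 30% lower)
    impact_cap: Optional[int] = None  # scope restriction that caps reachable impact


@dataclass
class Assessment:
    supplier: str
    inherent: int       # likelihood x impact before mitigations, 1..25
    residual: int       # likelihood x impact after mitigations, 1..25
    decision: str
    next_review: date   # continuous monitoring: when the register must be revisited


def clamp(value: int, low: int = 1, high: int = 5) -> int:
    return max(low, min(high, value))


def likelihood_score(threats: ThreatProfile, maturity: MaturityReview) -> int:
    """Assumed weighting: each threat driver adds a point, evidenced controls remove up to two."""
    score = 1
    score += min(len(threats.interested_actors), 2)
    score += int(threats.high_risk_jurisdiction)
    score += int(threats.prior_incidents > 0)
    score += int(threats.physical_exposure)
    score += int(threats.insider_or_coercion_risk)
    score -= round(2 * maturity.coverage())
    return clamp(score)


def impact_score(assets: List[Asset], cap: Optional[int] = None) -> int:
    """Worst-case impact across everything the supplier can reach, optionally capped by scope limits."""
    worst = max(a.impact for a in assets)
    return clamp(min(worst, cap)) if cap is not None else clamp(worst)


def decide(residual: int) -> str:
    # Assumed risk appetite thresholds; a real programme sets these per organisation.
    if residual <= 5:
        return "accept"
    if residual <= 12:
        return "accept with mitigations and monitoring"
    return "escalate: consider alternatives"


def assess(supplier: str, assets: List[Asset], threats: ThreatProfile,
           maturity: MaturityReview, mitigations: List[Mitigation],
           assessed_on: date) -> Assessment:
    lik = likelihood_score(threats, maturity)
    inherent = lik * impact_score(assets)
    factor, cap = 1.0, None
    for m in mitigations:
        factor *= m.likelihood_factor
        if m.impact_cap is not None:
            cap = m.impact_cap if cap is None else min(cap, m.impact_cap)
    residual = clamp(round(lik * factor)) * impact_score(assets, cap)
    # Higher residual risk means a shorter review cycle (assumed 90 vs 365 days).
    interval = timedelta(days=90) if residual > 5 else timedelta(days=365)
    return Assessment(supplier, inherent, residual, decide(residual), assessed_on + interval)


def example_assessment(with_mitigations: bool = True) -> Assessment:
    """Constructed findings for a hypothetical AI tool vendor 'ExampleAI Ltd'."""
    assets = [Asset("customer support transcripts", 5), Asset("internal product docs", 3)]
    threats = ThreatProfile(["state-affiliated groups", "cybercriminals"], True, 1, False, True)
    maturity = MaturityReview(controls_expected=10, controls_evidenced=4)
    mitigations = [
        Mitigation("contract security clauses plus log monitoring", likelihood_factor=0.8),
        Mitigation("network segmentation and API allow-listing", likelihood_factor=0.7),
        Mitigation("no customer data shared; docs only", impact_cap=3),
    ] if with_mitigations else []
    return assess("ExampleAI Ltd", assets, threats, maturity, mitigations, date(2025, 1, 1))


if __name__ == "__main__":
    for flag in (False, True):
        print(example_assessment(with_mitigations=flag))
```

Run stand-alone, the register shows the same supplier twice: with no mitigations the residual risk equals the inherent score of 25 and the decision is to escalate; with the three mitigations applied the residual drops to 9, the decision becomes "accept with mitigations and monitoring", and the next review date is set 90 days out because the residual is still above the lowest band.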

Automating Supply Chain Security Risk Assessments

Performing security risk assessments manually is time-consuming and requires expertise. That’s why we’ve developed a solution to automate supplier security risk assessments, making it easier to detect potential security issues.

OpenHorizon, supported by Innovation Norway, is developing a cutting-edge solution to improve Due Diligence processes for M&A, supply chain evaluations, and market entry risk assessments.

The Due Diligence Solution is designed to provide organizations with an advanced tool to:

  • Automate security risk assessments, offering clear insights into threat actors, scenarios, and mitigation measures.
  • Support strategic decision-making by enhancing risk awareness related to market entry and supply chain vulnerabilities.

This solution aims to streamline complex risk evaluations and enable organizations to make informed, data-driven decisions.
