Please use the sharing tools found via the share button at the top or side of articles. Copying articles to share with others is a breach of FT.com T&Cs and Copyright Policy. Email licensing@ft.com to buy additional rights. Subscribers may share up to 10 or 20 articles per month using the gift article service. More information can be found here.
https://www.ft.com/content/dd04f86d-14a1-4359-9c94-0225c564bf02

Risk Ledger’s core product is a “map” that gives companies an easy way to look at the cyber security status of all their suppliers. Those suppliers, often under the terms of their contracts with their clients agree to upload details of their security systems to Risk Ledger and to notify it of any changes. If Risk Ledger detects potential problems, action can be taken to fix them. The database is updated continuously, avoiding the need to reassess the supplier’s security every year, or every time the contract is renewed. As more companies sign up, Brooks is hoping for a network effect. “The very first basic concept was to have a social network,” he explains. “If we can have a social network that allows me, as a user, to understand your security and then allows you to do the same with other users, we can use that social network . . . to map out connections between companies. And we can use that in a way that protects the entirety of the network.” This could help suppliers as much as the customers that encouraged them to sign up in the first place, Brooks argues. Suppliers can connect with other companies that are already in the system, allowing Risk Ledger to help them cut down on the paperwork, as they will not have to tell all their clients separately about their security status every year. More than 2,500 organisations have shared their supplier profile, the company says, including 12 FTSE 100 companies.