TABLE 4: Do you have a cybersecurity rating from an external provider such as SecurityScorecard? Yes Other Provider No I Don't Know/ Other Suppliers $100M+ 9% 36% 45% 9% Suppliers $25M-$100M 33% 10% 53% 3% Suppliers $10M-$25M 14% 18% 45% 23% Suppliers $3M-$10M 4% 13% 70% 13% Suppliers Under $3M 0% 13% 75% 13% Regarding the relatively low percentage of suppliers who have a cybersecurity rating from an external provider, Harris expands upon his previous point about being strategic with spending on tech. “We all know cybersecurity matters, but when you’re managing cash flow and trying to keep customers happy, you invest where you see immediate returns first,” he says. “We’re taking a practical approach. Customer-facing technology comes first, then we build security and backend systems as we can afford them. Our clients care more about whether we can deliver their order on time than whether we have the latest authentication protocols.” TABLE 5: Does your company use an ERP or Order Management System as a single source of truth for business transactions? Suppliers $100M+ 100% Suppliers $25M-$100M 87% Suppliers $10M-$25M 95% Suppliers $3M-$10M 83% Suppliers Under $3M 75% Enterprise Resourcing Planning software systems, which help run an entire business, continue to grow in popularity amongst promo firms. Nearly two dozen members of the 2025 PPAI 100 reported updating or implementing their ERP systems over the past year, which correlates to this data. TABLE 6: Do you have multi-factor authentication implemented across your systems? Adults Data Protection Officer Employee Training Software Other Suppliers $100M+ 33% 0% 17% 0% 0% Suppliers $25M-$100M 23% 3% 3% 3% 0% Suppliers $10M-$25M 23% 9% 9% 5% 5% Suppliers $3M-$10M 42% 4% 25% 0% 4% Suppliers Under $3M 50% 0% 13% 25% 0% Employee training is the predominant way that suppliers ensure compliance with relevant IT governance and data protection regulations. Equipping staff with the tools, resources and knowledge is essential to minimizing security risks and protecting sensitive information from breaches or misuse. PPAI • SEPTEMBER 2025 • 31 The State Of Innovation 2025 | Must Read
RkJQdWJsaXNoZXIy NzU4OQ==