They already do. I've been working for very large organisations in both the public and private sector, and on both sides - so as someone who hires suppliers, and someone who is a supplier. The amount of due diligence and compliance forms you have to fill in each time is massive. The problem is that even if the supplier is total crap in terms of security but business really wants them, they're just going to "accept risk" and job done.