UK companies struggle to prioritise and reduce supply chain cyber security risks

95% of UK businesses said they were negatively impacted by supply chain cyber breaches within the last year, with poor supply chain visibility a major issue.

  • Wednesday, 6th November 2024 Posted 2 weeks ago in by Phil Alsop

BlueVoyant has published the findings of its The State of Supply Chain Defence Annual Global Insights report. Now in its fifth year, the UK findings reveal that tackling supply chain cyber risk continues to be a pressing and persistent challenge. Ninety-five percent of surveyed UK organisations experienced negative impact from cyber security incidents in their supply chain, which is significantly higher than the 81% of global respondents who indicated the same.

Other key highlights from UK respondents include:

34% said they have no way of knowing when a cyber security incident occurs within their supply chain, greater than the global average of 30%.

66% said that third-party cyber security risk management is either not a priority, or somewhat of a priority, a slight decrease from 68% who said this in 2023.

92% said their budget increased for third-party cyber security risk management programmes, compared to 86% globally.

“UK businesses continue to struggle with the pressing challenge of mitigating supply chain and third-party cyber risks,” said Robert Hannigan, BlueVoyant head of international business Europe and Middle East, and former director of GCHQ. “Despite the risks, awareness and prioritisation of these issues remains low, while breaches continue to happen. The importance of managing risk across the supply chain cannot be understated. Not just from a brand and security perspective, but also with growing EU regulations such as NIS2 and DORA which call for better risk management, particularly across the supply chain, this is a strategic imperative.”

The study was carried out by an independent market research organisation, Opinion Matters, who surveyed 2,100 C-suite leaders responsible for supply chain and cyber risk management. The research was conducted in 11 countries across North America, Europe and Asia Pacific. Three hundred respondents were from the UK, representing organisations with more than 1,000 employees across a range of industries.

UK Supply Chain Cyber Risk Monitoring and Visibility is Decreasing

The research highlights that monitoring frequency in the UK is not improving — in fact, it has decreased. This year, 34% of businesses said they monitor third-party supplier risk monthly or more frequently, which is a drop from 46% in 2023. This lack of regular monitoring is likely having a big impact, as 95% of UK organisations say they were negatively affected by supply chain cyber incidents in the past 12 months.

Additionally, 34% of the UK respondents indicated they have no way of knowing if an issue arises with a third party, compared to 27% globally. This is likely because 57% of respondents said they don’t assess all vendors, primarily due to a lack of expertise, technology, and resources. UK respondents are also less likely to use solutions that provide autonomous visibility into the cyber risks of their supply chain ecosystem, with only 11% saying they do this, compared to 15% globally.

Disconnect Between Budgets and Impact of a Supply Chain Incident

The good news is that 92% of UK organisations are reporting budget increases with their third-party cyber security risk management programmes.

“Prioritisation of third-party cyber security risk in UK organisations isn’t changing as much as it should be,” said Joel Molinoff, BlueVoyant global head of supply chain defence. “Organisations must step up their efforts to proactively monitor their third parties and drive mitigation of critical risks with their vendors. Globally we are seeing a shift from third-party risk management identification to enforcement and compliance. The budget increases should help the UK’s organisations move toward more third-party cyber risk maturity like other regions.”  

The promise of AI is on every biopharma’s radar, but the reality today is that much of the industry is grappling with how to convert the hype into...
IT teams urged to resolve ‘data delays’ as UK executives struggle to access and use relevant business data.

‘Playtime is over’ for GenAI

Posted 6 days ago by Phil Alsop
NTT DATA research shows organizations shifting from experiments to investments that drive performance.

GenAI not production-ready?

Posted 6 days ago by Phil Alsop
Architectural challenges are holding UK organisations back - with just 24% citing having sufficient governance to implement GenAI.

AI tops decision-makers' priorities

Posted 6 days ago by Phil Alsop
Skillsoft has released its 2024 IT Skills and Salary Report. Based on insights from more than 5,100 global IT decision-makers and professionals, the...

The state of cloud ransomware in 2024

Posted 6 days ago by Phil Alsop
Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security realm.
Talent and training partner, mthree, which supports major global tech, banking, and business clients to build job-ready teams, has revealed the...

AI innovation is powering the Net Zero transition

Posted 6 days ago by Phil Alsop
Whilst overall AI patent filings have slowed, green AI patent publications grew 35% in 2023.