Third of UK Supply Chain Relies on “Chinese Military” Companies

UK companies have larger, more complex and more exposed digital supply chains than their global peers and are heavily reliant on firms linked to the Chinese military, according to Bitsight.
The cybersecurity vendor used data on third-party relationships, alongside its own security scanning technologies, entity mapping and financial data to produce its latest report, Under the Surface: Uncovering Cyber Risk in the Global Supply Chain.
The study mapped 500,000 organizations, 40,000 products, 12,000 providers and over 61 million digital supply chain relationships.
It found that a typical UK organization uses 29.1 different providers and 81.6 different products, which amounts to a 10% larger digital supply chain than the global average. A larger supply chain translates into a bigger attack surface for threat actors to target, Bitsight claimed.
Two particular concerns stand out for UK firms. The first is their apparent reliance on organizations designated by the US Department of Defense as “Chinese military companies.”
Some 30% of the UK supply chain (versus 33% in the US) is linked to such firms, which include Tencent, China Telecom, Qihoo, China Unicom and Huawei. A surprising 7% (rising to 11% in the US) have a business relationship with the Third Research Institute of the Ministry of Public Security, a Chinese government body known for developing AI-powered surveillance technology.
The second big concern for UK and global organizations is that of “hidden pillars.” These are specialized providers that serve a relatively small number of customers, but play a crucial role in major industries.
These companies, which typically have a market share of under 2% based on number of customers but a revenue share over 20%, are mainly in the tech sector. They include firms like Dynatrace, Cloudera, QlikTech and Databricks.
Bitsight warned that a failure at one of these companies could have a “cascading” impact on large swathes of the global economy.
“Over the past year, we’ve seen several highly visible security incidents that highlight how incidents in the digital supply chain can have a massive ripple effect across the global economy,” said Ben Edwards, principal research scientist at Bitsight.
“Even the most security-conscious companies are vulnerable to weaknesses in their supply chain. Organizations must continuously evaluate their third-party vendors and suppliers and work proactively to close security gaps.”
Providers Under the Spotlight
The report also highlighted that suppliers or providers of digital products are often more exposed to security risks than their customers, due to complex vendor relationships and larger attack surfaces.
On average, providers use 2.5 times more products and have 10 times more internet-facing assets globally than their customers, Bitsight said.
They also lag their corporate customers in several key areas including patch management, open ports, insecure systems and botnet infections.