Half of Firms Suffer Two Supply Chain Incidents in Past Year


Nearly half (46%) of organizations have experienced at least two cybersecurity incidents in their supply chain over the past year, according to new research by Risk Ledger presented at Infosecurity Europe 2025.

The survey also found that 90% of UK respondents view supply chain cyber incidents as a top concern for 2025.


Despite this concern, many respondents believe that current approaches to third-party risk management (TPRM) are insufficient, with just 37% rating them as very effective.

A major issue appears to be a lack of communication between relevant stakeholders to expose and resolve risks across the supply chain. According to the report, 54% of TPRM functions only occasionally collaborate to identify systemic risks.

Additionally, significant variations were highlighted in the supply chain security capabilities across different sectors.

While 48% of respondents in the legal sector reported full visibility into all tiers of their supply chain, just 14% reported the same.

Haydn Brooks, CEO of Risk Ledger, described the current state of TPRM as “fundamentally broken.”

“The recent wave of cyber-attacks shows just how exposed supply chains really are. Compliance-led box ticking isn’t cutting it anymore. Security teams are stuck in reactive mode, patching holes while attackers move faster. Until we rethink how we secure the full supply chain, we’re just playing whack-a-mole,” he said.

It has been reported that the recent ransomware attack on UK retailer Marks & Spencer (M&S) may have come via a software supplier. IT firm Tata Consultancy Services is currently conducting an internal investigation to determine whether it was the gateway for the attack.  

Impact of UK Cyber Security and Resilience Law

The UK government’s Cyber Security and Resilience Bill, expected to be introduced to Parliament later this year, places a strong emphasis on supply chain security.

The legislation is viewed as the UK’s answer to the EU’s Network and Information Security Directive 2 (NIS2). It expands the scope of the existing UK NIS Regulations to additional types of digital service provider, such as managed service providers, and emphasizes the importance of managing cyber risk across the supply chain.

In the Risk Ledger survey, many respondents wanted the government to go further, including:

  • Greater emphasis on identifying systemic risks and assigning responsibility (50%)
  • Enhanced powers for regulators to enforce compliance (46%)
  • Incentives and mandates for cross-industry collaboration and information sharing (41%)

The research surveyed 500 respondents from the UK with involvement in their organisation’s third-party and supply chain risk management and/or broader supply chain cybersecurity efforts.
