Supply chain: a cyber vulnerability blind spot

The supply chain is highlighted as the new frontier for cybercrime. Although activity can be outsourced, responsibility and accountability cannot, experts warn.

UK businesses are feeling confident in their cyber security, but a recent report from RSM reveals that supply chain attacks are still a major vulnerability. The report found that 74% of UK IT decision makers received notification of a cyber attack or vulnerability in their software supply chain in the past year. Additionally, 26% of respondents admitted that they had suffered an attack on a key third-party service provider that impacted their business. The RSM survey polled 408 senior executives from UK middle market businesses and financial institutions.

Stuart Leach, a technology and cyber risk assurance partner at RSM, emphasized the importance of understanding the cyber footprint and maintaining a full list of suppliers to mitigate third-party cyber risks. Ian Pay, Head of Data and Analytics at ICAEW, stressed that an organization's cyber defenses are only as strong as the weakest link and urged companies to have robust conversations with organizations that play a critical role in their IT infrastructure and data processing/storage. Nick Wildgoose, an independent supply chain risk consultant, highlighted the need for businesses to consider cyber protections beyond endpoint solutions and focus on the software bill of materials.

The National Cyber Security Centre and ICAEW offer a range of resources to help businesses understand and manage supply chain cyber security risks. In October's Cyber Security Awareness Month, ICAEW is running a range of articles, webinars, and podcasts on the biggest issues in supply chain cyber security. They also provide a cyber security hub for ICAEW members looking for support in managing cyber risks.