Supply chain weaknesses - cause for security concern

UK respondents are least likely to prioritise third-party cyber risk management, despite high prevalence of cyber breaches, and are most likely to say that third party cyber risk is NOT on their radar.

  • 2 years ago Posted in

BlueVoyant has released the UK findings of its second annual global survey into third-party cyber risk management. They paint a stark picture with a staggering 97% of survey respondents having suffered a cybersecurity breach because of weaknesses in their supply chain.

 

This compares to 82% of respondents who suffered a cybersecurity breach owing to vendor vulnerabilities in 2020. Not only is this higher than the overall average of 93% in 2021, but the UK was also second highest out of all the regions surveyed. The UK was surpassed by European respondents in Germany and The Netherlands (grouped together), where 99% reported supply chain-related cybersecurity breaches.

 

The study was conducted by independent research organisation, Opinion Matters, and recorded the views and experiences of 1,200 CIOs, CISOs and Chief Procurement Officers, with 300 respondents from the UK, in organisations with more than 1,000 employees across a range of industries including: business services, financial services, healthcare and pharmaceutical, manufacturing, utilities and energy, and defence. It covered six countries: U.S., Canada, Germany, The Netherlands, the United Kingdom, and Singapore.

 

A bleak picture of rising threats and low vendor risk visibility

 

Other key UK survey findings were equally stark:

 

The average number of breaches experienced in the UK in the last 12 months grew from 2.64 in 2020 to 3.57 in 2021.

UK firms are experiencing a higher-than-average percentage of breaches with 59% experiencing between 2 and 5 negatively impacted cybersecurity breaches compared to the 49% overall average. This has led to a corresponding decrease in the number of UK respondents reporting a single breach, with 33% overall compared to 42% overall.

However, only 27% of UK respondents consider third-party cyber risk a key priority for their firm, compared to a 42% global average.

Additionally, UK respondents are least likely to be aware of any risks in their supply chain, with 38% saying that cyber risk was not on their radar. This compares to 22% in North America, 23% in Singapore, and 31% in Germany and The Netherlands.

At the same time, the number of companies reporting supply chains with more than 1,000 companies rose dramatically from 8% in 2020 to 43% in 2021. This means that the average vendor ecosystem in the UK now contains 3,715 third parties, a rise from 1,013 in 2020.

Automation is key to effective risk monitoring and the use of vendor risk management programmes in the UK was lower than average (32% have a programme in place versus the overall average of 39%).

39% of UK respondents say they have no way of knowing if a cyber risk emerges in a third-party vendor, an increase on the 34% who said this in 2020.

 

James Tamblin, President of BlueVoyant UK, said: “It is concerning that UK firms are not prioritising supply chain cybersecurity risk, despite such a high prevalence of cyber breaches. I would have expected firms to be focusing urgently on addressing third-party cyber risk, especially bearing in mind that almost all the UK firms surveyed have experienced a breach via their supply chain – this should be sounding alarm bells and prompting immediate action. With supply chains stretched to the breaking point by the pandemic, many UK firms have had to diversify suppliers to build resilience, which could also be limiting visibility.”

Research finds that the industry is struggling with a growing resource and skills gap while...
Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security...
Talent and training partner, mthree, which supports major global tech, banking, and business...
Cloud-native organisations to gain full understanding over every identity in the cloud, secured...
MSSPs identify regulatory compliance as additional factor as organisations seek to shift...
Orange Business (Norway), a global leader in digital services, has selected ARMO’s advanced...
Gigamon and Exclusive Networks have expanded their existing distribution partnership, broadening...
Trustwave and Cybereason have announced a definitive merger agreement offering a comprehensive and...