Supply chain cyber risk remains a persistent problem for UK businesses, with 97% of respondents to a recent survey by cybersecurity firm BlueVoyant reporting having suffered negative impacts from a breach in a third party or supplier partner in the last year, a figure that has remained the same for the past three years.

While organisations have struggled to significantly reduce the risks to date, the survey – which included 300 senior UK technology and security figures alongside wider research involving over 1000 employees from 11 countries – shows evidence of growing focus, with increasing board oversight, growing budgets, and rising third-party monitoring frequency.

Among the key findings from the research, the average number of supply chain/third-party originated breaches reported in the UK stood at 3.91, a slight drop from 4.26 in 2022 but still higher than 2021's figure of 3.57. 25% of respondents had suffered between 6 and 10 breaches, a rise from last year's figure of 21%.

68% said that supply chain/third-party cybersecurity risk is either not a priority or only somewhat of a priority, a rise from 62% who said this in 2022. 37% of UK respondents say they have no way of knowing if an issue arises with a third-party/supplier's cybersecurity. This figure is consistent with last year’s responses and is considerably higher than the global average of 26%.

There are signs that monitoring frequency is improving. This year, 46% say they monitor third-party supplier risk monthly or more frequently, an increase from 39% who reported this frequency last year.

Joel Molinoff, global head of supply chain defence at BlueVoyant, said: “UK businesses are still struggling to make progress on reducing supply chain and third-party cyber risk. Awareness and prioritisation remain low and breach frequency is persistently high. However, there are positive signs around rising monitoring rates and increased frequency of senior leadership briefings that may signal the start of a more determined and dynamic approach.”

---