Some 97% of UK organizations suffered a supply chain breach over the past year, up from 82% in 2020 and the second highest figure globally, according to BlueVoyant.
The security firm polled 1200 C-level executives with responsibility for managing risk in supply chains, across the UK, US, Singapore, Canada, Germany and the Netherlands.
UK firms also experienced a higher-than-average percentage of breaches: 59% suffered between two and five supply chain incidents compared to an overall average of 49%. The average number of breaches in the country grew from 2.64 in 2020 to 3.57 in 2021.
Perhaps unsurprisingly given these figures, only a quarter (27%) of UK respondents said they consider third-party cyber risk a key priority versus a 42% global average.
This is despite the fact that budgets are on the rise: 92% said third-party cyber risk management funds are increasing in 2021, up from 87% in 2020.
The figures are increasingly concerning as supply chains expand, driving up complexity and creating potential visibility and control gaps. The number of companies reporting supply chains with more than 1000 partners rose from 8% in 2020 to 43% in 2021 — meaning the average vendor ecosystem in the UK now contains 3715 third parties, up from 1013 in 2020.
Two-fifths (39%) of British firms said they’ve no way of knowing if a cyber risk emerges in a third-party vendor, up from 34% in 2020.
BlueVoyant UK president, James Tamblin, argued that as firms were forced to find new suppliers during the pandemic, they may have taken their eye off the ball regarding cyber risk management.
“I would have expected firms to be focusing urgently on addressing third-party cyber risk, especially bearing in mind that almost all the UK firms surveyed have experienced a breach via their supply chain. This should be sounding alarm bells and prompting immediate action,” he added.
“With supply chains stretched to the breaking point by the pandemic, many UK firms have had to diversify suppliers to build resilience, which could also be limiting visibility.”
The one area where UK companies fared better than those in other countries was how frequently they reassess vendors and brief the executive team on the results.
The percentage monitoring weekly rose from just 4% in 2020 to 12% in 2021, while over a third (35%) are assessing monthly, a rise of 6% on last year.
Phil Muncaster, UK / EMEA News Reporter, Infosecurity Magazine