Just a third of UK firms say they are tackling the threat as governments introduce new digital supply chain rules

Research of Britain’s top companies shows the majority (91% up from 84% in 2020) see cyber threats as a high or very high risk to their business, but nearly a third are not taking action on supply chain cyber security.

Just 69% say their organisation actively manages supply chain cyber risks according to the ‘Captains of Industry’ study carried out by Ipsos MORI. The survey involved chairs, CEOs and directors among Britain’s top companies sharing their views on cyber security.

It comes as research suggests supply chain cyberattacks have quadrupled in 2021 versus last year, according to the European Union Agency for Cybersecurity (ENISA).

These attacks are becoming particularly attractive to cybercriminals because of their scalability.

An attack on US software firm Kaseya in July 2021 affected up to 1,500 businesses across the globe. In Sweden alone, almost 500 supermarkets were forced to close when their checkouts stopped working as a result of the attack.

Experts at Cyber Polygon 2021, an international online conference and cybersecurity training event held last July, discussed how to increase supply chain resilience using a ‘zero-trust’ approach.

Meanwhile, the UK government is proposing that IT service providers should follow new cyber security rules. Other plans to protect the country’s digital supply chains include new procurement rules to ensure the public sector buys services from firms with good cyber security and plans for improved advice and guidance campaigns to help businesses manage security risks.

UK minister for Media, Data and Digital Infrastructure, Julia Lopez, said: As more and more organisations do business online and use a range of IT services to power their services, we must make sure their networks and technology are secure.

“We are taking the next steps in our mission to help firms strengthen their cyber security and encouraging firms across the UK to follow the advice and guidance from the National Cyber Security Centre to secure their businesses’ digital footprint and protect their sensitive data.

The government will develop more detailed policy proposals and it is currently carrying out a review of the laws and measures which encourage firms to improve their cyber security with the intention of launching a new national cyber strategy later this year.