Supply chain weaknesses - cause for security concern

UK respondents are least likely to prioritise third-party cyber risk management, despite high prevalence of cyber breaches, and are most likely to say that third party cyber risk is NOT on their radar.


BlueVoyant has released the UK findings of its second annual global survey into third-party cyber risk management. They paint a stark picture with a staggering 97% of survey respondents having suffered a cybersecurity breach because of weaknesses in their supply chain.

 

This compares to 82% of respondents who suffered a cybersecurity breach owing to vendor vulnerabilities in 2020. Not only is the UK's 97% higher than the overall average of 93% in 2021, but the UK was also second highest out of all the regions surveyed. It was surpassed only by respondents in Germany and The Netherlands (grouped together), where 99% reported supply chain-related cybersecurity breaches.

 

The study was conducted by independent research organisation, Opinion Matters, and recorded the views and experiences of 1,200 CIOs, CISOs and Chief Procurement Officers, with 300 respondents from the UK, in organisations with more than 1,000 employees across a range of industries including: business services, financial services, healthcare and pharmaceutical, manufacturing, utilities and energy, and defence. It covered six countries: U.S., Canada, Germany, The Netherlands, the United Kingdom, and Singapore.

 

A bleak picture of rising threats and low vendor risk visibility

 

Other key UK survey findings were equally stark:

 

The average number of breaches experienced in the UK in the last 12 months grew from 2.64 in 2020 to 3.57 in 2021.

UK firms are experiencing a higher-than-average percentage of breaches, with 59% experiencing between 2 and 5 cybersecurity breaches that negatively impacted them, compared to the 49% overall average. This has led to a corresponding decrease in the number of UK respondents reporting a single breach, with 33% in the UK compared to 42% overall.

However, only 27% of UK respondents consider third-party cyber risk a key priority for their firm, compared to a 42% global average.

Additionally, UK respondents are least likely to be aware of any risks in their supply chain, with 38% saying that cyber risk was not on their radar. This compares to 22% in North America, 23% in Singapore, and 31% in Germany and The Netherlands.

At the same time, the number of companies reporting supply chains with more than 1,000 companies rose dramatically from 8% in 2020 to 43% in 2021. This means that the average vendor ecosystem in the UK now contains 3,715 third parties, a rise from 1,013 in 2020.

Automation is key to effective risk monitoring, yet the use of vendor risk management programmes in the UK was lower than average (32% have a programme in place versus the overall average of 39%).

39% of UK respondents say they have no way of knowing if a cyber risk emerges in a third-party vendor, an increase on the 34% who said this in 2020.

 

James Tamblin, President of BlueVoyant UK, said: “It is concerning that UK firms are not prioritising supply chain cybersecurity risk, despite such a high prevalence of cyber breaches. I would have expected firms to be focusing urgently on addressing third-party cyber risk, especially bearing in mind that almost all the UK firms surveyed have experienced a breach via their supply chain – this should be sounding alarm bells and prompting immediate action. With supply chains stretched to the breaking point by the pandemic, many UK firms have had to diversify suppliers to build resilience, which could also be limiting visibility.”
