The study reveals that 74% of software supply chains experienced cyber attacks in the past year, representing an increase in both frequency and financial impact compared to two years ago. The survey, based on responses from 200 UK IT decision-makers and cybersecurity leaders, coincides with the UK government’s efforts to enhance software resilience and security as part of its £2.6 billion National Cyber Strategy. The findings emphasize vulnerabilities that require attention to effectively mitigate risks within software supply chains. One alarming discovery is the prevalence of hidden participants within these chains, with over two-thirds of businesses recently uncovering unknown entities.

This gap in oversight is often attributed to shortcomings in regulatory and compliance processes, as fewer than 20% of UK companies request ongoing security compliance evidence from suppliers. Organizational challenges also include limited technical understanding and visibility in software supply chain inventories, hindering frequent monitoring and enforcement of robust security measures. Furthermore, the survey highlights the types of security measures currently in place, such as data encryption, staff training programs, and multi-factor authentication. However, the lack of ongoing compliance checks undermines these efforts, despite the high level of confidence expressed in suppliers’ ability to identify and prevent vulnerabilities.

Keiron Holyome, Vice President of UKI & Emerging Markets at BlackBerry, stressed the significant consequences of cyber attacks reported by organizations, including financial loss, data loss, reputational damage, and operational impact. To address these gaps, the study recommends adopting advanced technologies like AI-powered Managed Detection and Response tools, which offer continuous threat monitoring and can help manage security incidents more effectively. Overall, as organizations navigate evolving cybersecurity threats, implementing these advanced technologies may be crucial in safeguarding against future attacks.