The study reveals alarming statistics about the vulnerability of software supply chains. Nearly three-quarters (74%) of the surveyed supply chains reported facing cyber attacks in the last twelve months, demonstrating an increase in both the frequency and financial impact of these attacks compared to previous years.

The survey included responses from 200 IT decision-makers and cybersecurity leaders across the UK, arriving at a time when the UK government is working on bolstering the resilience and security of software through its National Cyber Strategy. The findings highlight key areas of vulnerability that need to be addressed to effectively mitigate risks in software supply chains.

One concerning discovery was the prevalence of hidden participants within software supply chains. More than two-thirds (68%) of businesses reported uncovering these unknown entities only recently, often due to shortcomings in regulatory and compliance processes.

Additionally, less than 20% of UK companies request security compliance evidence from suppliers beyond the initial onboarding stage. The lack of technical understanding and visibility in software supply chain inventories presents another challenge for organizations.

Over half (56%) of respondents cited insufficient technical know-how as a barrier to frequent monitoring, while nearly half (48%) pointed to visibility issues. Lack of effective tooling (43%) and skilled personnel (36%) further undermined efforts to enforce robust security measures consistently.

The survey detailed the types of security measures currently implemented by UK organizations, indicating that while data encryption and staff training programs are in place for a significant portion of businesses, ongoing compliance checks are lacking. Despite expressing confidence in their suppliers’ ability to identify and prevent vulnerabilities, few companies consistently verify compliance, leaving openings for cyber criminals to exploit.

The report emphasizes the substantial consequences of cyber attacks, including high levels of financial loss, data loss, reputational damage, and operational impacts reported by organizations. To address these gaps, the study advocates for the adoption of advanced technologies such as AI-powered Managed Detection and Response (MDR) tools, which offer continuous threat monitoring and can help manage complex security incidents more effectively.

As organizations navigate the evolving landscape of cybersecurity threats, implementing these advanced technologies may be crucial in safeguarding against future attacks.