Cyber Attacks Affect 75% of UK Software Supply Chains

July 4, 2024

The study indicates that nearly three-quarters (74%) of software supply chains have faced cyber attacks within the last twelve months. This demonstrates not only an increase in the frequency of these attacks but also a greater financial impact compared to data from two years prior.

The survey, which included responses from 200 IT decision-makers and cybersecurity leaders across the UK, arrives as the UK government works to bolster the resilience and security of software as part of its £2.6 billion National Cyber Strategy. The findings highlight several key areas of vulnerability that need addressing to mitigate risks effectively.

One of the study’s alarming discoveries is the prevalence of hidden participants within software supply chains. More than two-thirds (68%) of businesses reported uncovering these unknown entities only recently.

This gap in oversight often stems from shortcomings in regulatory and compliance processes. Shockingly, fewer than 20% of UK companies request security compliance evidence from suppliers beyond the initial onboarding stage.

A lack of technical understanding of, and visibility into, software supply chain inventories presents another challenge for organisations. Over half (56%) of respondents cited insufficient technical know-how as a barrier to frequent monitoring, while nearly half (48%) pointed to visibility issues.

Effective tooling (43%) and skilled personnel (36%) are also lacking, undermining efforts to enforce robust security measures consistently.

The survey detailed the types of security measures currently implemented by UK organizations. Data encryption is used by 54% of businesses, while staff training programs are in place for 47%. Multi-factor authentication is utilized by 43%, reflecting a solid foundational approach to security.

However, these efforts are undermined by the lack of ongoing compliance checks, with fewer than a fifth of companies requesting ongoing evidence of adherence to security standards.

Interestingly, the survey found that nearly all respondents expressed confidence in their suppliers’ ability to both identify and prevent vulnerabilities. Despite this high level of trust, the reality remains that few companies consistently verify compliance, leaving openings for cyber criminals to exploit.

Keiron Holyome, Vice President of UKI & Emerging Markets at BlackBerry, noted, “Our latest research comes at a time of increased regulatory and legislative interest in addressing software supply chain security vulnerabilities.”

The report also underscores the substantial consequences of these cyber attacks. High levels of financial loss were reported by 62% of organisations, alongside data loss (59%), reputational damage (57%), and operational impact (55%). Such outcomes highlight the critical need for improved security measures and practices across software supply chains.

To address these gaps, the study advocates for the adoption of advanced technologies such as AI-powered Managed Detection and Response (MDR) tools. These solutions offer continuous threat monitoring and can help IT teams manage complex security incidents more effectively. As organizations navigate the evolving landscape of cybersecurity threats, implementing these advanced technologies may be crucial in safeguarding against future attacks.
