A recent study reveals that 74% of software supply chains have experienced cyber attacks in the past year. This represents both an increase in the frequency of attacks and a greater financial impact compared to data from two years ago.
The survey, conducted with 200 IT decision-makers and cybersecurity leaders across the UK, coincides with the UK government’s efforts to strengthen software resilience and security as part of its £2.6 billion National Cyber Strategy. The findings highlight several vulnerable areas that require attention to effectively mitigate risks.
The study’s most alarming discovery is the prevalence of hidden participants within software supply chains, as more than two-thirds of businesses reported uncovering these unknown entities only recently. This gap in oversight often results from deficiencies in regulatory and compliance processes.
The survey also identified a lack of technical understanding and visibility in software supply chain inventories as a challenge for organizations. Over half of respondents cited insufficient technical know-how, and nearly half pointed to visibility issues, as barriers to effective monitoring. A lack of effective tooling and skilled personnel further undermines efforts to enforce robust security measures consistently.
In terms of security measures, data encryption is implemented by 54% of businesses, while staff training programs and multi-factor authentication are used by 47% and 43%, respectively. However, the lack of ongoing compliance checks undermines these efforts, as fewer than a fifth of companies request ongoing evidence of adherence to security standards.
Although companies report a high level of confidence in their suppliers’ ability to identify and prevent vulnerabilities, few consistently verify compliance, leaving openings for cyber criminals to exploit. This is reflected in the substantial consequences of cyber attacks, as reported by 62% of organizations, including high levels of financial loss, data loss, reputational damage, and operational impact.
To address these gaps, the study recommends the adoption of advanced technologies such as AI-powered Managed Detection and Response (MDR) tools, which offer continuous threat monitoring and can help IT teams manage complex security incidents more effectively. As organizations navigate the evolving landscape of cybersecurity threats, implementing these advanced technologies may be crucial in safeguarding against future attacks.