SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
Flux result b482a0db 8800 40e7 9218 a18386d435d8
#
SaaS
#
Advanced Persistent Threat Protection
#
Supply Chain

Risk Ledger expands into Maryland to target US cyber market

Wed, 25th Mar 2026
Author image
By Sofiah Nichole Salivio, News Editor

Risk Ledger has expanded into the United States with a new base in Maryland.

The move gives the UK-founded supply chain security firm a presence in one of the country's largest cyber clusters. It plans to use the Maryland operation to build its US go-to-market team as it targets customers across North America.

Founded in 2018, Risk Ledger employs 75 people in the UK and works with organisations in sectors including government, insurance and energy.

Its US entry comes as companies and public bodies face growing scrutiny over cyber risks beyond their direct suppliers. A series of attacks has exposed weaknesses in third-party and broader supply chain relationships, increasing pressure on organisations to improve oversight of wider supplier networks.

Risk Ledger focuses on mapping supplier links across supply chains rather than relying on periodic questionnaires or point-in-time reviews. Its system is designed to help organisations identify concentration risks, supplier dependencies and emerging threats across those networks.

Maryland base

The Maryland launch is being supported by the state's Global Gateway programme, placing Risk Ledger in a market with strong links to federal and defence institutions as it builds its US presence.

To lead that effort, Risk Ledger has appointed Matthew Fox to oversee US growth. He previously held leadership roles at Mimecast and Cymulate, and most recently founded cybersecurity company RiskApp.

Haydn Brooks, Chief Executive and Co-founder of Risk Ledger, linked the expansion to changes in how companies assess supplier exposure.

"Supply chains have become the biggest attack surface in cybersecurity, yet most organisations are still relying on outdated approaches to manage supplier risk," Brooks said.

He also outlined the company's model for monitoring supplier risk across connected businesses.

"Security can no longer be managed in isolation. It requires visibility and collaboration across the entire ecosystem. At Risk Ledger, we're pioneering Active Supply Chain Security - connecting organisations and suppliers on a shared network so they can identify systemic risks and emerging threats in real time. Expanding into Maryland allows us to work alongside one of the world's most advanced cybersecurity communities as we help organisations strengthen the resilience of their supply chains," Brooks said.

Risk Ledger is entering a US cyber market where supply chain risk has become a bigger board-level issue. High-profile incidents have pushed organisations to look beyond immediate vendors and examine the resilience of fourth-party and nth-party relationships, particularly in sectors that handle sensitive data or underpin critical services.

That has created demand for tools that show how suppliers connect to one another and where hidden dependencies sit. In practice, many organisations still rely on fragmented procurement records, spreadsheet-based tracking and supplier questionnaires that may be out of date by the time they are reviewed.

US push

Risk Ledger's approach centres on a shared network that allows suppliers and customers to update security information on an ongoing basis. The company argues that this gives organisations a broader view of systemic risk than conventional third-party risk management methods.

Maryland officials welcomed the decision to establish operations in the state.

"Risk Ledger believes that locating in Maryland will give it a greater opportunity to grow globally-and we couldn't agree more," said Harry Coker Jr., Secretary of the Maryland Department of Commerce. "By joining our state's expansive cyber community, the company can immerse itself in the nation's digital economy and expand its presence across the U.S. We look forward to working with the Risk Ledger team in the years to come."

The expansion gives Risk Ledger a foothold in the world's largest cybersecurity spending market, while testing whether its supply chain-focused model can gain traction with US customers facing tighter oversight of cyber risk across supplier ecosystems.

Related stories
Automotive microcontroller market set to hit USD $15.1bn
Vodafone & Google Cloud launch AI & security tools
Locai Labs deploys AI coding assistant at First Light Fusion
BlackBox Hosting partners Everpure for sovereign cloud
Infosecurity Europe adds AI summit amid cyber defence shift

Top stories

AI tools widen cyber attack threat, Flashpoint warns
AI flaws & supply-chain risks top new pentesting report
Exclusive: Google Cloud on the road to autonomous SecOps
Zapier expands AI governance controls for enterprise users
Avatier launches offline card after Stryker cyberattack