Three-quarters of UK software supply chains hit by cyber attacks
New research from BlackBerry, presented at the Infosecurity Europe event, has revealed a significant cybersecurity concern for UK organisations. The study indicates that nearly three-quarters (74%) of software supply chains have faced cyber attacks within the last twelve months. Compared with data from two years prior, the findings show not only an increase in the frequency of these attacks but also a greater financial impact.
The survey, which included responses from 200 IT decision-makers and cybersecurity leaders across the UK, arrives as the UK government works to bolster the resilience and security of software as part of its £2.6 billion National Cyber Strategy. The findings highlight several key areas of vulnerability that need addressing to mitigate risks effectively.
One of the study's alarming discoveries is the prevalence of hidden participants within software supply chains. More than two-thirds (68%) of businesses reported uncovering these unknown entities only recently. This gap in oversight often stems from shortcomings in regulatory and compliance processes. Shockingly, fewer than 20% of UK companies request security compliance evidence from suppliers beyond the initial onboarding stage.
A lack of technical understanding of, and visibility into, software supply chain inventories presents another challenge for organisations. Over half (56%) of respondents cited insufficient technical know-how as a barrier to frequent monitoring, while nearly half (48%) pointed to visibility issues. Effective tooling (43%) and skilled personnel (36%) are also lacking, undermining efforts to enforce robust security measures consistently.
The survey detailed the types of security measures currently implemented by UK organisations. Data encryption is used by 54% of businesses, while staff training programmes are in place for 47%. Multi-factor authentication is utilised by 43%, reflecting a solid foundational approach to security. However, these efforts are undermined by the lack of ongoing compliance checks, with fewer than a fifth of companies requesting continued evidence of adherence to security standards.
Interestingly, the survey found that nearly all respondents expressed confidence in their suppliers' ability to both identify and prevent vulnerabilities. Despite this high level of trust, the reality remains that few companies consistently verify compliance, leaving openings for cyber criminals to exploit.
Keiron Holyome, Vice President of UKI & Emerging Markets at BlackBerry, noted, "Our latest research comes at a time of increased regulatory and legislative interest in addressing software supply chain security vulnerabilities. Encouragingly, regulatory requirements are driving changes in behaviour, with an increasing number of UK companies now proactively monitoring their software supply chain environment." Holyome further clarified that while this trend is positive, the lack of technical expertise and visibility continues to pose significant risks.
The report also underscores the substantial consequences of these cyber attacks. High levels of financial loss were reported by 62% of organisations, alongside data loss (59%), reputational damage (57%), and operational impact (55%). Such outcomes highlight the critical need for improved security measures and practices across software supply chains.
To address these gaps, the study advocates for the adoption of advanced technologies such as AI-powered Managed Detection and Response (MDR) tools. These solutions offer continuous threat monitoring and can help IT teams manage complex security incidents more effectively. As organisations navigate the evolving landscape of cybersecurity threats, implementing these advanced technologies may be crucial in safeguarding against future attacks.