SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers

UK firms face highest global breach rates despite risk spending

Fri, 21st Nov 2025

New research from BlueVoyant indicates that nearly all UK businesses have faced negative impacts from supply chain breaches. The data highlights a higher frequency of such breaches in the UK compared to other surveyed regions.

High breach rates

The report, based on a survey of 1,800 senior IT leaders across 11 countries, reveals that the UK has the highest average breach rate at 4.1 per organisation. Just 45% of surveyed UK firms have established or optimised third-party risk management programmes to address these vulnerabilities.

Despite ongoing investments in risk management measures, the findings suggest that these efforts have not translated into fewer breach incidents for UK organisations. This contrasts with lower average breach rates observed in other regions surveyed.

AI integration

UK firms are planning to adopt artificial intelligence to strengthen their risk management strategies. Over the next 12 months, 68% expect to use AI for continuous monitoring of third-party risks. Additionally, 57% will use AI for questionnaire management and 43% for risk reporting.

The move to integrate AI follows recognition among respondents of the need for more sophisticated tools and processes to keep up with the increasing complexity of third-party risk environments.

Operational challenges

Collaboration between internal stakeholders remains a significant obstacle for UK organisations progressing towards mature third-party risk management. Twenty-one percent identified stakeholder collaboration as the most significant barrier to enhancing their programmes.

The report also found that ongoing communication with senior leadership is limited. Only 16% of UK respondents said they brief their leadership on third-party risk programmes monthly or more frequently. This is the lowest rate recorded among the countries surveyed.

Outsourcing and vendor management

Many UK businesses continue to rely on outsourcing for key elements of their risk management operations. Forty-three percent use external partners for data analysis in their third-party risk management programmes. Thirty-six percent outsource ongoing monitoring, a proportion that has increased since last year.

Vendor tiering practices among UK firms are also notable. Sixty-three percent assess vendors based on yearly contract value, a rate higher than the global average of 54%. Sixty percent categorise vendors based on their operational importance to the business.

Spending disconnect

"U.K. organisations are clearly advancing in third-party risk maturity, but the data shows a critical disconnect between investment and impact. Despite aggressive spending and strategic intent, breach rates remain the highest globally. To truly shift the needle, businesses must move beyond compliance-driven programs and embrace risk reduction as a core operational priority. While insurance requirements, contractual obligations, and board mandates are critical, if U.K. organisations were to achieve more effective risk reduction this would result in more meaningful compliance outcomes," said Robert Hannigan, Chairman, International Business, BlueVoyant.