Tuesday, December 3, 2024

Supply chain breaches impact 97 FTSE 100 firms

SecurityScorecard found in their research that 97 out of the top 100 organisations on the FTSE 100 list in Britain were affected by a third-party supply chain data breach incident between March 2023 and March 2024. This highlights the ongoing issue of supply chain attacks within the cyber security landscape, especially concerning critical national infrastructure (CNI).

The FTSE 100 companies have been largely successful in protecting their own systems, with only 12% reporting breaches themselves. This means that hackers are turning to third-party suppliers to gain access to their targets. SecurityScorecard emphasized the importance of third-party risk management in strengthening cyber security, as the security of a company is only as strong as its weakest supplier.

The director of Northern Europe at SecurityScorecard, Will Gray, stressed the need for companies to prioritize third-party risk management in their security programs to prepare for upcoming regulations like the Digital Operational Resilience Act and the NIS2 Directive.

In terms of cyber security posture, UK companies outperformed their European counterparts, with 76% of top UK organisations scoring the highest grades on SecurityScorecard’s ratings metric. The energy and basic materials sector in the UK was identified as the most secure, while the communications sector had the most room for improvement.

Overall, the top-performing companies were also the wealthiest and had stronger security measures in place. However, there is still work to be done across all sectors to strengthen cyber security and mitigate the risk of supply chain attacks.