The British government reports that almost

with digital supply chains are vulnerable to cyberattacks , with many lacking even basic protective measures

compared with 41 % of respondents from elsewhere . He says this pattern might be linked to budgets . “ UK organisations are less likely than those in other regions to be getting cybersecurity budget increases ”.

But he warns that the “ intensive threat landscape ” should be enough to prompt businesses to reconsider budgets .

“ They need to consider whether the price is worth paying , to avoid the currently almost certain risk of suffering a breach via the supply chain .”

McDonnell says when it comes to managing alerts arising from vendor monitoring , companies “ should look towards advanced AI-powered options ” because “ these can lift the burden of analysis and prioritisation ”. He adds that “ it ’ s important there is the facility for human review of key decisions and processes . The investment needed to establish effective third-party cyber risk management is not as high as you might think ,” he says , adding that “ implementing a robust solution delivers a host of strategic data that can be incorporated into corporate risk management and decision-making processes ”.

He continues : “ Businesses should look for solutions capable of scaling , to cover all suppliers . They should also aim for continuous monitoring so that attackers ’ window of opportunity is limited as far as possible , and risk is reduced accordingly .”

This , he says , allows businesses to proactively manage their supply chains and to deliver greater resilience at a time when it is badly needed .

“ And of course , compared to the cost of a breach , the investment is a price well worth paying ,” he stresses .

52 April 2023