
Majority of UK's top business leaders are failing to manage supply chain security risks

New findings from a DCMS review have sparked concern in government which could see new laws introduced to protect Britain's digital supply chains

Fresh research from the Department for Culture, Media, and Sport (DCMS) has revealed less than a third of business leaders in the UK's top companies are actively managing cyber security risks in the supply chain.

Just 28% of respondents answered strongly in the affirmative when asked if they actively manage vulnerabilities in the supply chain, despite 97% of businesses being impacted by supply chain attacks in the past year.

That's according to new research from the DCMS in which C-suite executives at 107 of Britain's top companies were asked about their business' cyber resilience.

The DCMS is now considering imposing tough new rules for businesses to follow to secure the country's digital supply chains, such as those set out in the National Cyber Security Centre’s (NCSC) Cyber Assessment Framework.

The public sector may also face restrictions that could include more stringent procurement rules to ensure products and services are only bought from vendors with good cyber security histories, and plans for improved advice and guidance campaigns to help businesses manage security risks, the DCMS said.

There is strong support from the industry for developing new or updated legislation to improve security at the supply chain level, with 82% of respondents agreeing legislation could be an effective or a somewhat effective solution.

Following a call for views, which closed in July 2021, the UK government will now develop more detailed policy proposals in response to the new findings. A review of current legislation is underway and a new national cyber strategy will be launched before the end of the year.

"As more and more organisations do business online and use a range of IT services to power their services, we must make sure their networks and technology are secure," said Julia Lopez, minister for media, data and digital infrastructure. 

"Today we are taking the next steps in our mission to help firms strengthen their cyber security and encouraging firms across the UK to follow the advice and guidance from the National Cyber Security Centre to secure their businesses’ digital footprint and protect their sensitive data," she added.

Elsewhere in the research, interviews with C-suite executives showed most board members (51%) at the very top of UK business are only consulted on cyber security matters once every quarter.


One in five boards (19%) are consulted on cyber security even less frequently, with the topic raised as little as once every six months. A similar proportion (20%) discuss the latest threats on a monthly basis, one in 20 (5%) discuss cyber security on a weekly basis, while just 1% discuss the matter daily.

Only a minority of boards at the UK's top firms (24%) report feeling 'very informed' to make key business decisions related to cyber security, and a sizeable proportion (34%) expressed that more awareness training and education is needed at the board level to make better decisions about cyber resilience.

Other data from the research revealed a more positive outlook, as most business leaders (91%) agree that cyber threats are considered 'high risk' or 'very high risk' at the board level, a figure which is up from 84% in 2020.

A similar majority of leaders (92%) also agree that the board integrates cyber risk considerations into wider business areas. However, the data shows greater awareness and more frequent consultation about the cyber security landscape may be needed to improve the overall cyber resilience in UK businesses.
