Majority of UK's top business leaders are failing to manage supply chain security risks

New findings from a DCMS review have sparked concern in government which could see new laws introduced to protect Britain's digital supply chains

Fresh research from the Department for Culture, Media, and Sport (DCMS) has revealed that fewer than a third of business leaders in the UK's top companies are actively managing cyber security risks in the supply chain.

Just 28% of respondents strongly agreed when asked whether they actively manage vulnerabilities in the supply chain, despite 97% of businesses being impacted by supply chain attacks in the past year.

That's according to new research from the DCMS in which C-suite executives at 107 of Britain's top companies were asked about their businesses' cyber resilience.

The DCMS is now considering imposing tough new rules for businesses to follow to secure the country's digital supply chains, such as those set out in the National Cyber Security Centre’s (NCSC) Cyber Assessment Framework.

The public sector may also face restrictions that could include more stringent procurement rules to ensure products and services are only bought from vendors with good cyber security histories, and plans for improved advice and guidance campaigns to help businesses manage security risks, the DCMS said.

There is strong support from the industry for developing new or updated legislation to improve security at the supply chain level, with 82% of respondents agreeing legislation could be an effective or a somewhat effective solution.

Following a call for views, which closed in July 2021, the UK government will now develop more detailed policy proposals in response to the new findings. A review of current legislation is underway and a new national cyber strategy will be launched before the end of the year.

"As more and more organisations do business online and use a range of IT services to power their services, we must make sure their networks and technology are secure," said Julia Lopez, minister for media, data and digital infrastructure. 

"Today we are taking the next steps in our mission to help firms strengthen their cyber security and encouraging firms across the UK to follow the advice and guidance from the National Cyber Security Centre to secure their businesses’ digital footprint and protect their sensitive data," she added.

Elsewhere in the research, interviews of C-suite executives showed most board members (51%) at the very top of UK business are only consulted on cyber security matters once every quarter.

One in five boards (19%) are consulted on cyber security even less frequently, with the topic raised as little as once every six months. A similar proportion (20%) discuss the latest threats on a monthly basis, one in 20 (5%) discuss cyber security on a weekly basis, while just 1% discuss the matter daily.

Just a minority of boards at the UK's top firms (24%) report feeling 'very informed' to make key business decisions related to cyber security, and a sizeable proportion (34%) expressed that more awareness training and education is needed at the board level to make better decisions about cyber resilience.

Other data from the research revealed a more positive outlook as most business leaders (91%) agree that cyber threats are considered 'high risk' or 'very high risk' at the board level - a figure which is up from 84% in 2020.

A similar majority of leaders (92%) also agree that the board integrates cyber risk considerations into wider business areas. However, the data shows greater awareness and more frequent consultation about the cyber security landscape may be needed to improve the overall cyber resilience in UK businesses.
