The UK government has released new comprehensive guidance on securing supply chains to combat the rising threat of ransomware, collaborating internationally to bolster cyber resilience and prevent damaging cyber attacks.
The UK government has stepped up its fight against ransomware with the release of comprehensive new guidance focused on securing supply chains, which are increasingly exploited as entry points for cybercriminals. This move comes in response to a troubli...
Produced in collaboration with Singapore under the Counter Ransomware Initiative (CRI), an international coalition now supported by over 67 countries including entities such as Interpol and the World Bank, the guidance aims to bolster global cyber resilience by helping organisations identify and mitigate security weaknesses before they can be exploited. Notably, the United States is not among the endorsing members. The CRI underscores the importance of joint international action to confront the growing ransomware threat, which UK Security Minister Dan Jarvis described as an “immediate and urgent threat to our nation’s security and economy.” He emphasised that cyber security must be a priority for all businesses, urging adherence to the new guidance as a critical defence measure.
At its core, the guidance lays out a multi-step framework for enhancing supply chain security. It advises organisations to choose suppliers who have implemented appropriate security controls aligned with their risk exposure, communicate clear security expectations to partners, and embed cyber security requirements within contractual agreements. Independent audits, external accreditations, and cyber insurance coverage are also recommended to ensure robust supplier security standards. The guidance advocates for ongoing collaboration with suppliers to review incidents or near misses, share threat intelligence, update response plans, and maintain adaptive contracts reflecting the evolving cyber threat landscape.
Jonathon Ellison, director for national resilience at the NCSC, highlighted the ripple effect ransomware attacks can have across supply chains, warning that many such incidents are preventable through basic but effective measures like the Cyber Essentials certification. His comments underline a key message of the guidance: prevention and preparedness are vital to avoid widespread disruption.
Industry leaders affected by ransomware have welcomed the initiative. Shirine Khoury-Haq, CEO of The Cooperative Group, which suffered a substantial ransomware attack costing £206 million earlier this year, noted the difficulty of responding to live cyber events despite exhaustive planning. Speaking about the new guidance, she said, “What matters most is learning, building resilience, and supporting each other to prevent future harm. This is a positive step in the right direction for building a safer digital future.”
Beyond the operational recommendations, the UK government also continues to strengthen its stance on ransomware through complementary measures. These include financial sanctions targeting ransomware actors to disrupt their profitability and evolving regulatory discussions. One key development under consideration is extending bans on ransomware payments to essential suppliers of Critical National Infrastructure (CNI) and public sector bodies. Such measures could impose compliance obligations on thousands of small and medium-sized businesses within the supply chain, amplifying the importance of cyber resilience strategies at all levels.
In addition, at the 2024 Counter Ransomware Initiative Summit, the UK and Singapore led efforts to support victims of ransomware attacks, highlighting the risks of making ransom payments. The guidance from this summit cautions against paying ransoms as it often encourages further criminal targeting and does not guarantee resolution or data recovery.
Collectively, these initiatives reflect the UK’s commitment to building a resilient cyber ecosystem both domestically and internationally. The government’s new supply chain security guidance not only provides practical steps for safeguarding IT environments but also encourages a culture of transparency, collaboration, and continuous improvement across the cyber supply chain network.
As cyber threats continue to evolve in sophistication and scale, this comprehensive, internationally coordinated approach aims to dial up defences, reduce vulnerabilities, and ultimately prevent ransomware attacks from inflicting catastrophic damage on organisations and services vital to the UK and beyond.
Source: Noah Wire Services



