UK organisations are still struggling to keep pace with cyber attacks that arrive through their suppliers, according to new research from Risk Ledger which suggests the problem is now both widespread and difficult to contain.
The company’s “Every Link Matters: The State of Supply Chain Security 2026” report found that 82.4% of UK organisations experienced at least one supply chain cyber incident in the past year, while 47.2% suffered repeat compromises. Risk Ledger said the figures point to a threat that is not only persistent but increasingly systemic, as attackers exploit the connections between businesses, contractors and sub-contractors rather than targeting individual firms alone.
One of the clearest weaknesses identified in the report is visibility. A quarter of respondents said their biggest third-party risk management gap was the inability to see risks beyond direct suppliers, particularly at fourth- and fifth-party level. Risk Ledger said this blind spot leaves organisations exposed to hidden dependencies that can spread disruption across multiple companies at once.
The research also suggests that many firms are still relying on monitoring methods that are too slow for today’s attack environment. Only 41% said they had fully automated, real-time oversight of direct suppliers’ security controls, while more than half used quarterly reviews or updates triggered by specific events. In a major incident, fewer than one in ten said they could map their full supplier exposure within four hours, and the average time to understand the impact was 1.9 days.
That lag matters because supply chain compromises are increasingly moving faster than traditional review cycles. Risk Ledger’s chief executive and co-founder, Haydn Brooks, said traditional approaches were no longer adequate for the pace and complexity of modern threats, and argued that organisations need continuous insight as well as greater collaboration across the sector. He said 93% of security leaders want an industry-wide model for sharing supplier intelligence.
The report also found limited confidence in existing third-party risk management practices. While 60% of organisations described those processes as somewhat effective, only 28% called them very effective, down from 37% a year earlier. Risk Ledger said this decline reflects growing frustration with periodic assessments that do not provide real-time assurance.
To address that, the company is promoting Active Supply Chain Security, a model based on continuous monitoring and shared intelligence rather than static questionnaires and point-in-time checks. It said 93% of organisations support some form of collaborative model for exchanging supplier cyber assurance data, even though nearly a quarter still cannot identify concentration risk across shared suppliers and subcontractors.
Risk Ledger’s sector-specific report on UK financial services pointed to similar findings, with 82% of firms in that industry experiencing at least one supply chain incident in the previous 12 months. The broader message, the company argues, is that supply chain resilience can no longer be managed by individual organisations acting alone.
Source: Noah Wire Services