
Majority of UK's top business leaders are failing to manage supply chain security risks

New findings from a DCMS review have sparked concern in government which could see new laws introduced to protect Britain's digital supply chains

Fresh research from the Department for Culture, Media, and Sport (DCMS) has revealed that fewer than a third of business leaders in the UK's top companies are actively managing cyber security risks in the supply chain.

Just 28% of respondents replied strongly in favour when asked if they actively manage vulnerabilities in the supply chain, despite 97% of businesses being impacted by supply chain attacks in the past year.

That's according to new research from the DCMS in which C-suite executives at 107 of Britain's top companies were asked about their businesses' cyber resilience.

The DCMS is now considering imposing tough new rules for businesses to follow to secure the country's digital supply chains, such as those set out in the National Cyber Security Centre’s (NCSC) Cyber Assessment Framework.

The public sector may also face restrictions that could include more stringent procurement rules to ensure products and services are only bought from vendors with good cyber security histories, and plans for improved advice and guidance campaigns to help businesses manage security risks, the DCMS said.

There is strong support from the industry for developing new or updated legislation to improve security at the supply chain level, with 82% of respondents agreeing legislation could be an effective or a somewhat effective solution.

Following a call for views, which closed in July 2021, the UK government will now develop more detailed policy proposals in response to the new findings. A review of current legislation is underway and a new national cyber strategy will be launched before the end of the year.

"As more and more organisations do business online and use a range of IT services to power their services, we must make sure their networks and technology are secure," said Julia Lopez, minister for media, data and digital infrastructure. 

"Today we are taking the next steps in our mission to help firms strengthen their cyber security and encouraging firms across the UK to follow the advice and guidance from the National Cyber Security Centre to secure their businesses’ digital footprint and protect their sensitive data," she added.

Elsewhere in the research, interviews of C-suite executives showed most board members (51%) at the very top of UK business are only consulted on cyber security matters once every quarter.

One in five boards (19%) are consulted on cyber security even less frequently, with the topic raised as little as once every six months. A similar proportion (20%) discuss the latest threats on a monthly basis, one in 20 (5%) discuss cyber security on a weekly basis, and just 1% discuss the matter daily.

Just a minority of boards at the UK's top firms (24%) report feeling 'very informed' to make key business decisions related to cyber security, and a sizeable proportion (34%) expressed that more awareness training and education is needed at the board level to make better decisions about cyber resilience.

Other data from the research revealed a more positive outlook as most business leaders (91%) agree that cyber threats are considered 'high risk' or 'very high risk' at the board level - a figure which is up from 84% in 2020.

A similar majority of leaders (92%) also agree that the board integrates cyber risk considerations into wider business areas. However, the data shows greater awareness and more frequent consultation about the cyber security landscape may be needed to improve the overall cyber resilience in UK businesses.
