Monday 30 March 2026

Many of us rely on suppliers to deliver products, systems, and services. However, supply chains are often large and complex, which makes it difficult to know if you have enough protection in place. In recent years there has been a significant increase in cyber attacks as a result of vulnerabilities within the supply chain, which can lead to expensive and long-term ramifications for affected organisations and their customers.


The National Cyber Security Centre (NCSC) have separated the supply chain guidance into Foundations, Application and Consolidation sections. We recommend you work through the guidance in this order:

Foundations

12 principles of supply chain security

This guidance builds on the fundamentals for your supply chain cyber security, providing 12 principles to start your understanding.

Application

How to assess and gain confidence in your supply chain cyber security

Next, apply these principles with the 5 steps to developing your supply chain journey.

Consolidation

Mapping your supply chain

Utilise your knowledge by creating your very own supply chain map, an essential step to managing supply chain cyber security risk.


Your workforce is your strongest defence. Fraud and cybercrime account for around 50% of all crime recorded in England and Wales. Basic cyber hygiene can prevent many attacks, which often target human error through phishing.

The Cyber Resilience Centre for London, funded by the Home Office and delivered by policing, provides free support to SMEs, including:

  • 30-minute consultations
  • Staff awareness training
  • One-to-one cyber resilience reviews
  • Support from Cyber PATH student services
  • Guidance on business continuity planning and two-factor authentication

(These services are available to SMEs with a turnover under £20 million or fewer than 200 employees, including third sector organisations within supply chains.)


Tools available for SMEs from the NCSC:

Even with robust prevention in place, incidents can still occur. Having a clear, written plan is critical.

As part of this, you should sign up for NCSC Early Warning to receive alerts about potential threats and suspicious activity.

Equally important is knowing who to contact in the event of an incident:


Many SMEs still underestimate their exposure to cyber attacks, often assuming they are unlikely targets. By investing in simple protections and training employees, businesses can significantly reduce risk; ultimately, a well-informed workforce remains the strongest line of defence.

As cyber threats continue to evolve, with technologies like AI enabling more sophisticated attacks, staying informed will be critical. The AI and Cyber Security Association is working to bridge the gap between AI and cyber security and support businesses in navigating this changing landscape.


These insights were shared during our London Business Network for Resilience online briefing, with the participation of the National Cyber Security Centre (NCSC) and the Cyber Resilience Centre for London, alongside leading cyber experts, including Arunava Banerjee, David Ferbrache, Richard Morrison-Butcher, and Lisa Ventura.