More than half of large UK financial services firms experienced at least one third-party supply chain attack in 2024, with nearly a quarter facing three or more incidents, according to new research from Orange Cyberdefense. The findings underscore the increasing vulnerability of financial institutions to cyber threats stemming from their vendor ecosystems.
A survey of 200 UK CISOs and senior security decision-makers revealed that many firms still rely on outdated risk assessment models. Nearly half (44%) assess third-party risks only during initial onboarding, while 41% conduct periodic reviews. Just 14% take the most proactive approach—continuous monitoring supported by dedicated risk management tools.
The impact of these different strategies is stark. Among firms that assessed risk only at onboarding, 68% suffered an attack. That figure dropped to 57% for those conducting periodic reviews and 32% for those with continuous monitoring. The data suggests a clear correlation: the more frequently firms evaluate their suppliers, the lower their risk exposure.
