As 2025 begins, organisations must focus on bolstering operational resilience and addressing third-party risks, driven not only by commercial imperatives but also by new regulatory mandates. With the enactment of regulations such as NIS2 in late 2024 and DORA early this year, supply chain risk management is now a strategic necessity.
This means that third-party cyber risk management must become a strategic priority. However, according to BlueVoyant’s fifth annual Supply Chain Defence report, which examines fast-evolving supply ecosystems, many organisations don’t appear to be prioritising supply chain cyber risk management, or are unaware of cyber security gaps in their supply chains.
Nearly two thirds of UK respondents said that third-party cyber security risk management is either not a priority, or somewhat of a priority, and 34% said they have no way of knowing when a cyber security incident occurs within their supply chain.
The Board’s role in managing cyber risk
The severe implications of supply chain cyber breaches — ranging from business disruption to reputational damage — alongside the threat of regulatory fines, have caught the attention of…
