Over half (58%) of large UK financial services firms suffered at least one third-party supply chain attack in 2024, according to a study by Orange Cyberdefense.
Nearly a quarter (23%) of these companies were hit three or more times by third-party attacks.
The research identified significant gaps in financial services firms' third-party risk management strategies. Close to half (44%) of these institutions admitted that they only assess third-party risk during the initial supplier onboarding stage.
A similar proportion (41%) perform periodic risk assessments. Just 14% said they continuously assess risk and use dedicated third-party risk management tools.
A clear link was highlighted between the extent of risk management performed and the chances of suffering a supply chain attack. Over two-thirds (68%) of those who only assessed risk during the onboarding phase suffered a supply chain attack in 2024.
This dropped to 57% for those who periodically assessed risk and 32% for those who assessed continuously and employed risk management technologies.
Concerns Over Brexit Impact on Regulatory Alignment
CISOs and security decision makers surveyed expressed concerns about a lack of…