News from the Wire

Overconfidence puts supply chain security at risk, warns NCC Group

Friday, October 24, 2025 — 16:07:51 (UTC)

· Nearly half of organizations suffered a cyber security breach in the last year · 92% of organizations trust that their suppliers follow cyber security best practices · A third of businesses don’t conduct regular risk assessments on suppliers · 21% believe they wouldn’t be affected if a key supplier was unable to operate for five days

Manchester, UK, Oct. 23, 2025—Businesses are overestimating their ability to respond to supply chain cyber attacks and their visibility over suppliers, according to new research from global cyber security firm NCC Group.

The State of Supply Chain Security report reveals that the vast majority (94%) of businesses are confident in their ability to respond to a supply chain attack, despite that nearly half (45%) experienced a cyber security breach in the last year, and the series of recent supply chain related attacks in the news that have brought retail giants, major grocery suppliers and car manufacturers to their knees. Half (49%) of the organizations that suffered a breach said the attack suspended operations.

Surveying 1,010 cyber security decision makers globally about their views on the current state of supply chain security, the report revealed that 92% of organizations trust their suppliers follow cyber security best practices.

However, high trust levels could be leaving businesses and their supply chains vulnerable to threats, with the research showing a third (34%) are not regularly monitoring suppliers or conducting risk assessments, and only 34% claiming to have full and detailed insight into their supply chain’s cybersecurity.

Despite businesses understanding that security threats are growing, with 68% expecting attacks to become more severe in the next 12 months, the data suggests a lack of awareness about the impact that a supplier attack could have on day-to-day business operations. Surprisingly, a fifth (21%) of organizations surveyed believe they wouldn’t be affected if a key supplier was unable to operate for five days.

Mike Maddison, CEO of NCC Group said: “Global supply chains are the engine of modern business, so it is critical that their security is a priority for leaders, especially when global ransomware levels are at a record high this year. The outbreak of high profile supply chain attacks we have seen this year must be taken as a wake up call. These attacks have real world consequences, delaying medical procedures, grounding flights, leaving shelves empty and putting the economy and jobs at risk. In the face of such a threat, it is shocking that 92% of respondents trust their suppliers to follow cyber security best practices. Time and time again, threat actors are profiteering from this overconfidence, using straightforward techniques to access virtually unguarded supply chain networks.”

The research gathered responses from eight markets including the US, UK, Australia, Germany, the Netherlands, Singapore, Spain and The Philippines. Eleven different industries are represented, including public and private sectors, and all levels of seniority were surveyed.

Mike Maddison continued: “Although it is encouraging to see cyber security climbing up the boardroom agenda for organizations, overconfidence in supplier visibility, and the ability to react, is leading to complacency that we can no longer ignore. Security is only as strong as the weakest link in a supply chain. Organizations are severely overestimating their operational resilience, with 21% of respondents believing they wouldn’t be affected if a key supplier was unable to operate for five days - they are in for a rude awakening. Supply chain attacks threaten not only individual organizations, they are an economic risk at an international level. This report is a clarion call for organizations and governments to wake up to the realities of supply chain vulnerability. We must do more to increase economic resilience by proactively tackling these threats.”

Among other findings: · Artificial intelligence is the #1 factor organizations expect to increase supply chain security risk over the next 12 months: 59% agree · 45% of suppliers say the cost of cybersecurity measures is the greatest pain point with regards to cyber security and compliance · Only 36% of organizations say they have visibility over how their supply chain stores and protects business-critical data relating to their organization · 59% are concerned about the level of visibility they have over their supply chain

The findings come as more stringent cyber security regulation has been introduced globally to boost resilience strategies. This includes the UK’s Cyber Security Resilience Bill, as well as the EU’s NIS2 Directive and the Digital Operational Resilience Act (DORA).

Increased regulation is welcomed by businesses, with 90% confident that cyber security standards and policies reduce the risk of supply chain attacks. Yet, the introduction of more legal frameworks could make managing supply chains more complex for global businesses.

Katharina Sommer, group head of Government Affairs at NCC Group added: “Governments don’t share the same confidence in supply chain security as shown by business, prompting tighter regulations being introduced to combat these growing threats. Legislation is still catching up with the pace of innovation and the global regulatory landscape is still fragmented. As we move to an even more connected world where supply chains overlap borders and governments, organizations must carefully navigate policies to minimize supply chain vulnerabilities and increase resilience.”

Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.

Source: Company press release.

Categories: Reports and research