HomeInsightsNational Cyber Security Centre (NCSC) issues fresh guidance following recent rise in supply chain cyber-attacks


The NCSC has published new guidance to help organisations effectively assess and gain confidence in the cyber security of their supply chains. It follows a significant increase in cyber-attacks resulting from vulnerabilities within supply chains in recent years, including some high-profile incidents such as the SolarWinds attack.

The new guidance is designed to help medium and larger organisations effectively assess the cyber risks of working with suppliers and gain assurance that mitigations are in place.

The NCSC explains that supply chain attacks can cause far-reaching and costly disruption, yet the latest Government data shows that just over one in ten businesses review the risks posed by their immediate suppliers (13%), and the proportion for the wider supply chain is just 7%. The NCSC urges businesses to take action.

The guidance aims to help cyber security professionals, risk managers and procurement specialists put into practice the NCSC’s 12 supply chain security principles and follows the Government’s response to a call for views last year, which highlighted the need for further advice.

The guidance describes typical supplier relationships and potential weaknesses that might expose their supply chain to attacks, defines the expected outcomes and sets out key steps that can help organisations assess their supply chain’s security. To read the NCSC’s press release in full and to access the guidance, click here.