It’s common to rely on multiple service providers to do business. However, a complex supply chain can substantially increase cyber-risk. Specifically, just one vulnerability within a supply chain could allow a cyber-criminal to gain access to a whole host of organisations. In fact, thousands of organisations—including British Airways, healthcare company Boots and the BBC—suffered a data breach after a file transfer system within their supply chain was compromised in June 2023. Yet only 13% of businesses review the risks posed by their immediate suppliers, and even less (8%) scrutinise their wider supply chain, according to the government’s 2023 Cyber Security Breaches Survey.   

To help address this gap, the National Cyber Security Centre (NCSC) has released two free e-learning packages relating to supply chain management, as follows:

• Module 1: Mapping your supply chain risk—This e-learning module explores the what, why and how of supply chain mapping to help organisations improve their cyber-security.
• Module 2: Gaining confidence in your supply chain—This e-learning module describes the practical steps that organisations can take as they review their supply chain.

For further information, visit the NCSC website.