The National Cyber Security Centre (NCSC) has published new guidance to help organisations effectively assess and gain confidence in the cyber security of their supply chains.

The guidance follows a significant increase in cyber-attacks resulting from vulnerabilities within supply chains in recent years, including high-profile incidents such as the SolarWinds attack.

These attacks can result in long-term, costly ramifications for affected organisations and their customers, yet the latest government data shows just over one in ten businesses review the risks posed by their immediate suppliers. The proportion for the wider supply chain is just 7%.

This guidance aims to help cyber security professionals, risk managers and procurement specialists put into practice the NCSC’s 12 supply chain security principles to ensure that mitigations are in place for vulnerabilities associated with working with suppliers.

More specifically, this guidance:

  • describes typical supplier relationships and potential weaknesses that might expose an organisation’s supply chain to attacks
  • defines the expected outcomes
  • sets out key steps that can help organisations assess their supply chain’s security

Read the NCSC’s new guidance on supply chain cyber security.

In addition to guidance focused on improving supply chain cyber resilience, the NCSC has published a range of advice to help organisations improve their own cyber security.

This includes the 10 Steps to Cyber Security guidance, aimed at larger organisations, and the Small Business Guide for smaller organisations.