Nearly every UK company hit by supply chain attacks despite big spending - BetaNews

BlueVoyant has just dropped its sixth annual State of Supply Chain Defense report, giving a deep dive into how companies across regions and industries tackle the thorny issue of third-party risk. The research, based on a survey of 1,800 senior IT leaders from eleven countries—including 300 from the UK—paints a rather concerning picture. Despite hefty investments, there’s a growing gap between what companies are spending and the actual outcomes, with breach rates climbing and the use of AI tools becoming more common to keep tabs on vendors. The UK seems especially hit hard by these supply chain breaches. Nearly every UK organization surveyed—98 percent, to be exact—reported being negatively impacted by supply chain attacks in the past year. Surprisingly, only 45 percent of these companies say they have established or improved their third-party risk management programs, which might help explain the UK's worryingly high average breach rate of 4.1 incidents per organization. This suggests that even when formal programs exist, they’re not quite doing the job in reducing risk effectively. Looking ahead, UK firms are gearing up to lean more heavily on AI within the next year, using it for continuous monitoring, managing questionnaires, and risk reporting. Around 68 percent expect to use AI for ongoing supplier monitoring, 57 percent for questionnaire workflows, and 43 percent for reporting purposes. BlueVoyant stresses that with vendor ecosystems expanding rapidly, automation isn’t just a nice-to-have, but essential for keeping pace. Yet there are still hurdles—like poor collaboration across internal teams, cited by 21 percent of UK respondents as a major roadblock in advancing their programs. Leadership engagement is also quite lacking; just 16 percent of UK organizations brief senior executives monthly or more often, the lowest rate compared to the other countries in the survey. Outsourcing third-party risk functions is on the rise in the UK, with 43 percent of firms outsourcing risk data analysis and 36 percent outsourcing monitoring tasks, both increases from previous years. When it comes to vendor tiering, UK companies tend to rely heavily on contract value—63 percent versus 54 percent globally—as well as operational importance (60 percent). Robert Hannigan, Chairman of International Business at BlueVoyant, remarked on the disconnect that UK firms face: despite aggressive spending and strategic efforts, breach rates remain the highest globally. He argues that companies need to move beyond mere compliance checklists and make risk reduction a central operational focus to see real improvements. With most organizations expecting their vendor networks to grow, the report warns that without stronger executive involvement, tighter integration with enterprise risk systems, and better internal alignment, the risks will only continue to mount. BlueVoyant’s findings call for a strategic shift to keep pace with the evolving complexity of supply chain security challenges.