TECHNOLOGY

97 FTSE 100 companies exposed to offer chain breaches

Koonsiri – stock.adobe.com

Between March 2023 and March 2024, 97 out of 100 companies on the UK’s FTSE 100 list had been build at probability of compromise following provide chain breaches at third-celebration suppliers

Alex Scroxton

By

Revealed: 03 Jun 2024 17: 25

Of the 100 organisations listed on the Monetary Cases Stock Alternate (FTSE) 100 list of Britain’s most extremely capitalised companies, 97 had been exposed to a third-celebration provide chain data breach incident between March 2023 and March 2024, constant with data published by SecurityScorecard sooner than the annual Infosec Europe at ease.

The findings, which advance as provide chain attacks continue to dominate cyber security discussions – particularly in regard to the security of severe national infrastructure (CNI) – demonstrate the scale of the difficulty coping with all organisations, now not real illustrious ones.

SecurityScorecard said the FTSE 100 had done well at protecting their hang entrance doors – simplest 12% of the listed organisations reported a breach themselves closing year – with the that adversaries must admire other methods to ranking in, which basically attain throughout the methods of third-celebration suppliers of workmanship or other products and companies.

The agency said it wished to focus on that a company’s cyber security power is immediately linked to the flexibility of even its smallest vendor, warning that the consume of such companies as an unwitting Trojan Horse became out of the ordinary more uncomplicated than immediately compromising a well-identified organisation with a couple of layers of controls and an utterly-fledged security operations centre (SOC).

“Third-celebration probability administration is a key ingredient of any tough cyber security programme, and the companies represented on this characterize would support by making it a priority,” said Will Gray, SecurityScorecard’s director of Northern Europe.

“The sectors and organisations in the UK, and in Europe as a total, must discontinuance more now if they’ll be ready for the implementation of DORA [Digital Operational Resilience Act] by January 2025, moreover to the NIS2 Directive.

“The upward thrust of recordsdata breaches across Europe demonstrates that UK companies aloof must brand third-celebration probability administration [TPRM] an integral ingredient of now not simplest their security programme but of their provider possibility assignment to boot,” added Gray.

Blended characterize

Beyond their capacity publicity to offer chain attacks, the UK’s top-performing companies tended to beget out of the ordinary stronger cyber security postures than their European counterparts, with 76% scoring on the most tantalizing three grades – A through C – on SecurityScorecard’s proprietary rankings metric, in comparison with 60% in France, 59% in Italy and 66% in Germany. Moreover, 85% of UK organisations with the most tantalizing A grade had now not been breached in the previous year.

Happily for these serious about threats to CNI, the most real sector in the UK became energy and fundamental materials (mining and raw materials), the put simplest 12% and 16% skilled a third-celebration breach closing year, and no organisations received a C grade or below. The monetary products and companies alternate moreover performed well, with simplest 5% receiving a C grade or decrease. Organisations working in the communications sector, however, beget loads of labor to discontinuance – 70% of them received a C grade or decrease.

The head performers are moreover the richest companies with the most tantalizing market caps that would possibly perchance beget the funds for to discontinuance security well. Of the 25 UK organisations rate over $29bn, simplest 12% received a C grade or below, whereas for the 75 others, this rose to 28%.

Be taught more on IT probability administration

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button