KPMG welcomes DCMS plans to boost supply chain cybersecurity

The UK Department of Digital Culture, Media and Sport (DCMS) has announced new measures to enhance the security of businesses’ IT services.

KPMG has welcomed the UK DCMS' new digital supply chain cybersecurity plans. Head of UK Cyber at KPMG UK, Martin Tyley, says: “Digital supply chain cyber security plans are the safety net our country needs to survive and thrive."

IT service providers could be required to follow new cyber security rules such as the National Cyber Security Centre’s Cyber Assessment Framework as part of new proposals to help British businesses manage the growing cyber threat.

Other plans to protect the country’s digital supply chains include new procurement rules to ensure the public sector buys services from firms with good cyber security and plans for improved advice and guidance campaigns to help businesses manage security risks.

The move follows a consultation by the DCMS to enhance the security of digital supply chains and third party IT services, which are used by firms for things such as data processing and running software.

Tyley says: "We are in the midst of a boom in supply chain technologies, from IoT devices in warehouses to driverless vehicles. However, all of these technologies are enabled via a myriad of access points, sensors and scanners. These devices are often physically dispersed and are not top of mind for organisations’ IT security design, which exposes organisations to significant supply chain security risks.

“In tandem, recent global supply chain issues have caused major disruption, hit front page headlines, and are considered the biggest threat to business growth according to recent research. The KPMG 2021 UK CEO Outlook showed 59% of UK chief executives say their business supply chain has been under increased stress since the start of the COVID-19 crisis. Furthermore, 16% of UK business leaders say they would be boosting British supply over the next three years, however these plans are under threat from cyber criminals hoping to wreak havoc.

“Today’s announcement will not only help British businesses mitigate future supply chain disruption, but it will also will help safeguard the UK’s future as it becomes increasingly digital. Organisations that can unlock innovative ways to enhance supply chain capabilities and security in the digital era will inevitably be the ones that both survive and thrive.”  

DCMS research 

New research of chairs, CEOs and directors of Britain’s top companies shows the majority (91 per cent up from 84 per cent in 2020) see cyber threats as a high or very high risk to their business, but nearly a third of leading firms are not taking action on supply chain cyber security, with only 69 per cent saying their organisation actively manages supply chain cyber risks.

The government’s National Cyber Security Centre (NCSC) already offers a raft of cyber security support and advice on identifying business-wide risks and vulnerabilities - including the Cyber Assessment Framework - as well as specific Supply Chain Security and Supplier Assurance guidance.

There is also advice on defending against ransomware attacks and the Cyber Essentials scheme offers small and medium-sized firms a cost-effective way of getting basic measures in place to prevent the vast majority of cyber attacks.

Minister for Media, Data and Digital Infrastructure, Julia Lopez, said: "As more and more organisations do business online and use a range of IT services to power their services, we must make sure their networks and technology are secure.

"Today we are taking the next steps in our mission to help firms strengthen their cyber security and encouraging firms across the UK to follow the advice and guidance from the National Cyber Security Centre to secure their businesses’ digital footprint and protect their sensitive data.

"today’s government’s response to the call for views shows there is industry support for developing new or updated legislation, with 82 per cent of respondents agreeing legislation could be an effective or a somewhat effective solution.

"The government will now develop more detailed policy proposals and it is currently carrying out a review of the laws and measures which encourage firms to improve their cyber security and will launch a new national cyber strategy later this year."

Share

Featured Articles

How secure is sensitive data stored in the cloud?

A Cloud Security Alliance (CSA) survey has found 67% of organisations store sensitive data in public cloud environments, but how secure is it?

CYBER LIVE LONDON: Day 2 highlights of the hybrid tech show

We take a look at highlights of the different stages at the Tech Live London show, including insights from Claroty, SalesForce and Oracle

TECH LIVE LONDON: An overview of the hybrid technology show

We take a look at the first day of Tech Live London with insights from technology leaders from companies such as IBM, Microsoft and Vodafone

Does a cashless society mean higher risk of fraud?

Cyber Security

5 minutes with Gary Brickhouse, CISO of GuidePoint Security

Cyber Security

CTO at Passbolt explains the importance of password managers

Application Security