18 May 2026
by John Hicklin, Rob Wright

Anticipating cyber risks in a supply chain: the growing supply chain threat landscape

Guest blog by John Hicklin, Lab-1 and Rob Wright, Nexor #techUKSupplyChainSecurityWeek

John Hicklin, Lab-1

Robert Wright, Senior Technical Business Development Consultant, Nexor Ltd

Supply chains are an increasingly common vector for cyber attacks, as evidenced by high-profile cases involving JLR and M&S. Information supply chains are as vulnerable to attack as logistical ones, especially where open-source software has been utilised in development.

Cyber criminals operate in their own multi-layered commercial ecosystem. The size of an individual breach does not necessarily determine its impact; attackers often harvest small but sensitive datasets that can be ‘weaponised’. Attacks are increasingly sophisticated, exploiting zero-day vulnerabilities to create ripple effects across entire supply chains, as demonstrated by the breach of Progress Software’s MOVEit Transfer solution.

A vulnerability in MOVEit Transfer (a widely used file transfer tool) was exploited, affecting many organisations through third-party vendors. For example, Zellis used MOVEit to handle payroll for clients such as the BBC. It was a textbook case of how a single point of compromise can cascade across thousands of organisations. The fallout continued well beyond the initial incident, with Amazon confirming in late 2024 that employee details had been leaked via a third-party provider connected to the original 2023 breach.

Beyond known risks: the iceberg challenge

Investment in IT-based security technologies has been the conventional response to combating cyber threats. However, this approach is inherently reactive and largely focused on known risks, meaning it can only reduce, rather than eliminate, the likelihood of successful attacks.

There remains a vast volume of unknown or poorly understood data available to adversaries, often undiscovered by organisations until it is too late. As illustrated in the iceberg model below, the visible ‘attack surface’ represents only a fraction of the true risk. Beneath the surface lies a much larger, more complex layer of third-party exposure and unknown vulnerabilities that organisations must actively identify and manage.

[Figure: the iceberg model of supply chain risk, with the visible attack surface above the waterline and third-party exposure and unknown vulnerabilities below it]

Understanding the anatomy of a breach

The 2025 report by Lab 1, The Anatomy of a Breach, analyses 141 million unstructured files across 1,297 data breach incidents. It shifts the focus from the volume of leaked data to the high-impact nature of its content. Based on these incidents, the “average” breach contains:

  • 22,647 individual files
  • 13.44 GB of total data
  • 14 different file types and 22 file classifications
  • Exposure impacting 482 organisations

Financial data appeared in 93% of incidents, while HR data featured in 81.7% of breaches, creating rich datasets for AI-driven fraud such as deepfakes, voice cloning, and social engineering. Customer service records were present in 66.6% of incidents, exposing personal data that can lead to identity theft and regulatory penalties.

Technical data is also frequently exposed, including system logs and cryptographic keys. This can enable attackers to bypass authentication processes or gain access to sensitive artefacts such as Software Bills of Materials (SBOMs). Additionally, datasets often include Social Security numbers, banking details (e.g. IBANs), and email addresses.

From data exposure to actionable risk

It is important to stress that all exposed data represents potential risk. Determining actual risk requires contextualisation against an organisation’s specific risk profile.

However, the manual effort required to analyse large-scale, unstructured data and assess risk is considerable. As a result, organisations must increasingly rely on emerging technologies to automate and scale this process.

The role of emerging technologies

To effectively address supply chain risk, organisations must first locate, collect, extract, and analyse compromised or exposed data across sources such as the dark web. This requires a combination of advanced data processing techniques, including machine learning and graph-based analysis.

Frontier large language models (LLMs) can significantly enhance both efficiency and effectiveness by enabling rapid analysis of extracted data, a task that would otherwise be prohibitively time-consuming. AI can also support validation of third-party and open-source software, identifying potential vulnerabilities or malicious code.

However, applying AI in isolation is not sufficient. The challenge lies in integrating these capabilities into a broader, structured security architecture.

Securing the information supply chain

A key question is where and how this advanced analysis should take place. Ideally, it should occur at trust boundaries or across security domains within the information supply chain, supported by technologies such as data guards.

Unlike traditional firewalls, data guards provide deep data inspection, filtering, and data loss prevention capabilities. However, conventional appliance-based guards are typically hard-coded, require manual updates, and struggle to keep pace with evolving threats.

Software-defined data guards offer a more adaptive approach. Rather than relying on static rules, they provide a flexible platform where security functions can be dynamically orchestrated via APIs. For example, extracted software code can be routed to an LLM for inspection and then triaged, with the artefact allowed, quarantined, or removed based on the outcome. This provides assurance that software moving through the supply chain has not been compromised.

An additional advantage of cloud-native, software-defined guards is their ability to scale dynamically in response to demand, optimising resource usage while maintaining security coverage.

Towards intelligent, contextual defence

The addition of Agentic Triage capabilities enables organisations to complete the picture by embedding their specific risk criteria into the analysis process. This allows systems to prioritise what matters most, cutting through noise and reducing false positives.
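The orchestration described in the two preceding sections (inspection functions chained at a trust boundary, a verdict of allow, quarantine or remove, and the organisation's own risk criteria applied at triage) sketched as an added Python example; this is not Nexor's or Lab-1's code. The two inspectors, the denylist, the sample artefacts and the weighting scheme are all constructed for illustration, and an LLM-backed inspector would be registered in the same INSPECTORS list.

```python
import re
from dataclasses import dataclass

# Constructed sample artefacts crossing a supplier-to-consumer trust boundary.
SUPPLIER_MANIFEST = "requests==2.31.0\nleft-pad==1.0.0\nDB_PASSWORD=hunter2\n"
TEST_FIXTURE = "requests==2.31.0\nAPI_TOKEN=dummy-token-for-tests\n"

# Constructed denylist: component versions the consumer refuses to accept (hypothetical).
DENYLISTED = {("left-pad", "1.0.0")}

@dataclass
class Finding:
    inspector: str
    severity: int      # 1 low, 2 medium, 3 high
    detail: str

def inspect_components(text):
    """Flag pinned components that appear on the consumer's denylist."""
    pins = re.findall(r"^([A-Za-z0-9_.-]+)==(\S+)$", text, re.M)
    return [Finding("components", 3, f"{n}=={v} is denylisted")
            for n, v in pins if (n, v) in DENYLISTED]

def inspect_secrets(text):
    """Flag credential-looking assignments; passwords rank above generic tokens."""
    keys = re.findall(r"^([A-Z_]*(?:PASSWORD|TOKEN|SECRET)[A-Z_]*)=", text, re.M)
    return [Finding("secrets", 3 if "PASSWORD" in k else 2, f"{k} embedded") for k in keys]

# The guard orchestrates inspectors in order; adding one is just another function.
INSPECTORS = [inspect_components, inspect_secrets]

def triage(findings, criteria):
    """Weight each finding by the organisation's risk criteria and pick a verdict."""
    score = max((f.severity * criteria["weights"].get(f.inspector, 1.0)
                 for f in findings), default=0)
    if score >= criteria["remove_at"]:
        return "remove"
    if score >= criteria["quarantine_at"]:
        return "quarantine"
    return "allow"

def guard(text, criteria):
    """Run every inspector over an artefact, then triage the combined findings."""
    findings = [f for inspect in INSPECTORS for f in inspect(text)]
    return triage(findings, criteria), findings

# Two contexts for the same inspectors: a production pipeline, and test data
# where dummy tokens are expected and would otherwise be false positives.
PRODUCTION = {"weights": {"components": 1.0, "secrets": 1.0}, "quarantine_at": 2, "remove_at": 3}
TEST_DATA = {"weights": {"components": 1.0, "secrets": 0.5}, "quarantine_at": 2, "remove_at": 3}

if __name__ == "__main__":
    for text in (SUPPLIER_MANIFEST, TEST_FIXTURE):
        print(guard(text, PRODUCTION)[0], guard(text, TEST_DATA)[0])
```

The same findings on the test fixture are quarantined under the production criteria but allowed under the test-data criteria, which is the contextual noise reduction the text describes.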

By combining AI-driven analysis, adaptive security architectures, and contextual risk assessment, organisations can move from reactive defence to proactive cyber resilience, better anticipating and mitigating risks across increasingly complex supply chains.

