Securing digital trade: Lessons from supply chain cyber attacks
In an increasingly interconnected world, the digital supply chain is no longer just a technical concern - it’s a strategic imperative. As geopolitical tensions rise and trade becomes more digitised, the security of our digital infrastructure is now directly tied to national resilience, economic stability, and international trust. Just like our experience of the global pandemic, digital infections can move silently, across borders, and can disrupt global systems and services.
I’ve seen first-hand how cyber threats targeting supply chains can ripple across industries and borders. As threat actors move with impunity from sector to sector without any geographical boundaries to hold them back, exploiting inherent weaknesses in supply chain outsourcing, an indirect route with deep supplier networks to the knock-on effects on consumer and public services, the risks are real - and growing.
When one breach becomes everyone’s problem
Recent high-profile incidents, such as the retail giant M&S, global airline Quantas, and one of the largest banks in Europe UBS, all victims of supply chain attacks, which shows how a single vulnerability can cascade across global systems, and impact millions of citizens with a price tag to match.
The implications go far beyond IT. When the NHS was hit by a ransomware attack on a third-party provider, it wasn’t just a cybersecurity issue - it became a national health emergency. In today’s world, a compromised supply chain can disrupt everything from healthcare to financial services to international trade.
Cybersecurity is economic security
The lines between trade, technology, and security are blurring. Cybersecurity is no longer just about protecting data - it’s about safeguarding the flow of goods, services, and trust across borders.
Supply chain attacks exploit the very systems that enable global trade - cloud platforms, APIs, identity providers - and turn them into vectors for disruption. Because these systems are often shared across industries and nations, the impact is rarely contained.
This is why digital trust is now a cornerstone of international trade policy. The global threat landscape demands shared responsibility, interoperable standards and open cooperation to build digital supply chains that are resilient by design. A secure, and resilient digital infrastructure is essential to economic competitiveness and cross-border trade.
A global challenge requires global cooperation
Countries around the world are waking up to the systemic risks posed by supply chain cyber-attacks. Yet we have globally fragmented cybersecurity laws, incident response disclosure mandates, and enforcement priorities which fail to enact a genuine coordinated incident response. For example, the EU NIS2 Directive and the US cyber incident reporting for critical infrastructure, alongside the proposed UK cyber resilience bill, all differ in scope and reporting timelines. That’s not helpful or progressive in my opinion.
This lack of standardisation leads to slower detection, inconsistent mitigation, and poor attribution, the global community must do better, no one enterprise or government secures the global digital supply chain alone.
To build a more resilient digital ecosystem. But we must go further - embedding cybersecurity into the very fabric of trade agreements, procurement policies, and digital infrastructure planning.
What can we do?
The good news? The risks associated with many supply chain attacks can be reduced. A few key practices can dramatically mitigate the risk:
Enforce multi-factor authentication (MFA) across all cloud and SaaS environments.
Audit and rotate credentials regularly, especially for service accounts and third-party integrations.
Require a Software Bill of Materials (SBOM), avoid blind trust, insist on transparency in your software vendor supply chain.
Limit vendor access and monitor behaviour, ensure you can revoke access and choke off a vulnerability before it spreads into your eco-system.
Educate teams on the principles of Secure by Design and build internal Threat Modeling capabilities to move beyond compliance tick boxing.
But technical controls alone aren’t enough. We need a mindset shift - one that treats cybersecurity resilience as a core component of trade policy and economic strategy.
What’s next? A new frontier of supply chain threats
As technology evolves, so do its threats. Quantum threats are on the horizon, but there is no evidence of post quantum crypto supply chain attacks yet, although this is a real issue. At present we are seeing signs of:
AI-driven fake vendors that gain access through AI generated organisations and fake procurement channels and service desk routes.
Compromised software developer’s tools and pipelines, injecting vulnerabilities into integration tools and platforms and shared libraries.
Poisoned LLM’s and training datasets, creating downstream backdoors for AI applications and models – model supply chain security will dominate through 2026.
Deep supply chain dependencies, where vulnerabilities in fourth, or fifth-tier suppliers can go undetected until it’s too late.
Staying ahead of these threats will require continuous innovation, international collaboration, and a cohesive commitment to digital resilience, beyond voluntary codes of practice.
We need a resilient digital trade ecosystem
Securing digital trade is not just possible - it’s essential. Much of the worlds trade is digital, from communication, payments, logistics and customs. One compromised vendor can paralyse ports, hijack contracts or leak IP. When digital trade grows, so does the attack surface. Secure by Design platforms, trusted vendors, and proven code should be non-negotiable.
As we navigate tech, trade, and security, one thing is clear to me, trade doesn’t just move in containers, it moves in code, our entire trade flow depends on invisible software and digital supply chains. If the software in your trade pipeline can’t be verified, it can’t be trusted, and if it can’t be trusted we are all exposed!
techUK International Policy and Trade Programme activities
techUK supports members with their international trade plans and aspirations. We help members to understand market opportunities, tackle market access barriers, and build partnerships in their target market. Visit the programme page here.
techUK Report - Enabling Growth and Resilience: the UK Tech Sector in an Uncertain World
New techUK report outlines key policy recommendations to boost the UK’s growth through the tech sector amid global challenges, emphasising resilience, trade leadership, and strategic investment.
Our members develop strong networks, build meaningful partnerships and grow their businesses as we all work together to create a thriving environment where industry, government and stakeholders come together to realise the positive outcomes tech can deliver.
Sabina Ciofu is Associate Director – International, running the International Policy and Trade Programme at techUK.
Based in Brussels, she leads our EU policy and engagement. She is also our lead on international trade policy, with a focus on digital trade chapter in FTAs, regulatory cooperation as well as broader engagement with the G7, G20, WTO and OECD.
As a transatlanticist at heart, Sabina is a GMF Marshall Memorial fellow and issue-lead on the EU-US Trade and Technology Council, within DigitalEurope.
Previously, she worked as Policy Advisor to a Member of the European Parliament for almost a decade, where she specialised in tech regulation, international trade and EU-US relations.
Sabina loves building communities and bringing people together. She is the founder of the Gentlewomen’s Club and co-organiser of the Young Professionals in Digital Policy. Previously, as a member of the World Economic Forum’s Global Shapers Community, she led several youth civic engagement and gender equality projects.
She sits on the Advisory Board of the University College London European Institute, Café Transatlantique, a network of women in transatlantic technology policy and The Nine, Brussels’ first members-only club designed for women.
Sabina holds an MA in War Studies from King’s College London and a BA in Classics from the University of Cambridge.
Policy Manager for International Policy and Trade, techUK
Daniel Clarke
Policy Manager for International Policy and Trade, techUK
Dan joined techUK as a Policy Manager for International Policy and Trade in March 2023.
Before techUK, Dan worked for data and consulting company GlobalData as an analyst of tech and geopolitics. He has also worked in public affairs, political polling, and has written freelance for the New Statesman and Investment Monitor.
Dan has a degree in MSc International Public Policy from University College London, and a BA Geography degree from the University of Sussex.
Outside of work, Dan is a big fan of football, cooking, going to see live music, and reading about international affairs.
Theo joined techUK in 2024 as EU Policy Manager. Based in Brussels, he works on our EU policy and engagement.
Theo is an experienced policy adviser who has helped connect EU and non-EU decision makers.
Prior to techUK, Theo worked at the EU delegation to Australia, the Israeli trade mission to the EU, and the City of London Corporation’s Brussels office. In his role, Theo ensures that techUK members are well-informed about EU policy, its origins, and its implications, while also facilitating valuable input to Brussels-based decision-makers.
Theo holds and LLM in International and European law, and an MA in European Studies, both from the University of Amsterdam.
Lewis' programmes cover a range of policy areas within Market Access (international trade regulation, sanctions and export controls, technical standards and product compliance, supply chains) and Consumer Tech (media and broadcast policy, consumer electronics, and connected home technology).
Prior to joining techUK, Lewis worked in government affairs and policy roles for international trade associations in Southeast Asia including the American Malaysian Chamber of Commerce and the European Chamber of Commerce in Cambodia.
He holds an undergraduate degree in Social and Political Sciences from the University of Cambridge and an MSc in Public Policy & Management from SOAS University of London.
Tess joined techUK as an Policy and Public Affairs Team Assistant in November of 2024. In this role, she supports areas such as administration, member communications and media content.
Before joining the Team, she gained experience working as an Intern in both campaign support for MPs and Councilors during the 2024 Local and General Election, and working for the Casimir Pulaski Foundation on defence and international secuirty. She has worked for multiple charities, on issues such as the climate crisis, educational inequality and Violence Against Women and Girls (VAWG). In 2023, Tess obtained her Bachelors of Arts in Politics and International Relations from the University of Nottingham.
