Securing digital trade: Lessons from supply chain cyber attacks
In an increasingly interconnected world, the digital supply chain is no longer just a technical concern - it’s a strategic imperative. As geopolitical tensions rise and trade becomes more digitised, the security of our digital infrastructure is now directly tied to national resilience, economic stability, and international trust. Just like our experience of the global pandemic, digital infections can move silently, across borders, and can disrupt global systems and services.
I’ve seen first-hand how cyber threats targeting supply chains can ripple across industries and borders. As threat actors move with impunity from sector to sector without any geographical boundaries to hold them back, exploiting inherent weaknesses in supply chain outsourcing, an indirect route with deep supplier networks to the knock-on effects on consumer and public services, the risks are real - and growing.
When one breach becomes everyone’s problem
Recent high-profile incidents, such as the retail giant M&S, global airline Quantas, and one of the largest banks in Europe UBS, all victims of supply chain attacks, which shows how a single vulnerability can cascade across global systems, and impact millions of citizens with a price tag to match.
The implications go far beyond IT. When the NHS was hit by a ransomware attack on a third-party provider, it wasn’t just a cybersecurity issue - it became a national health emergency. In today’s world, a compromised supply chain can disrupt everything from healthcare to financial services to international trade.
Cybersecurity is economic security
The lines between trade, technology, and security are blurring. Cybersecurity is no longer just about protecting data - it’s about safeguarding the flow of goods, services, and trust across borders.
Supply chain attacks exploit the very systems that enable global trade - cloud platforms, APIs, identity providers - and turn them into vectors for disruption. Because these systems are often shared across industries and nations, the impact is rarely contained.
This is why digital trust is now a cornerstone of international trade policy. The global threat landscape demands shared responsibility, interoperable standards and open cooperation to build digital supply chains that are resilient by design. A secure, and resilient digital infrastructure is essential to economic competitiveness and cross-border trade.
A global challenge requires global cooperation
Countries around the world are waking up to the systemic risks posed by supply chain cyber-attacks. Yet we have globally fragmented cybersecurity laws, incident response disclosure mandates, and enforcement priorities which fail to enact a genuine coordinated incident response. For example, the EU NIS2 Directive and the US cyber incident reporting for critical infrastructure, alongside the proposed UK cyber resilience bill, all differ in scope and reporting timelines. That’s not helpful or progressive in my opinion.
This lack of standardisation leads to slower detection, inconsistent mitigation, and poor attribution, the global community must do better, no one enterprise or government secures the global digital supply chain alone.
To build a more resilient digital ecosystem. But we must go further - embedding cybersecurity into the very fabric of trade agreements, procurement policies, and digital infrastructure planning.
What can we do?
The good news? The risks associated with many supply chain attacks can be reduced. A few key practices can dramatically mitigate the risk:
Enforce multi-factor authentication (MFA) across all cloud and SaaS environments.
Audit and rotate credentials regularly, especially for service accounts and third-party integrations.
Require a Software Bill of Materials (SBOM), avoid blind trust, insist on transparency in your software vendor supply chain.
Limit vendor access and monitor behaviour, ensure you can revoke access and choke off a vulnerability before it spreads into your eco-system.
Educate teams on the principles of Secure by Design and build internal Threat Modeling capabilities to move beyond compliance tick boxing.
But technical controls alone aren’t enough. We need a mindset shift - one that treats cybersecurity resilience as a core component of trade policy and economic strategy.
What’s next? A new frontier of supply chain threats
As technology evolves, so do its threats. Quantum threats are on the horizon, but there is no evidence of post quantum crypto supply chain attacks yet, although this is a real issue. At present we are seeing signs of:
AI-driven fake vendors that gain access through AI generated organisations and fake procurement channels and service desk routes.
Compromised software developer’s tools and pipelines, injecting vulnerabilities into integration tools and platforms and shared libraries.
Poisoned LLM’s and training datasets, creating downstream backdoors for AI applications and models – model supply chain security will dominate through 2026.
Deep supply chain dependencies, where vulnerabilities in fourth, or fifth-tier suppliers can go undetected until it’s too late.
Staying ahead of these threats will require continuous innovation, international collaboration, and a cohesive commitment to digital resilience, beyond voluntary codes of practice.
We need a resilient digital trade ecosystem
Securing digital trade is not just possible - it’s essential. Much of the worlds trade is digital, from communication, payments, logistics and customs. One compromised vendor can paralyse ports, hijack contracts or leak IP. When digital trade grows, so does the attack surface. Secure by Design platforms, trusted vendors, and proven code should be non-negotiable.
As we navigate tech, trade, and security, one thing is clear to me, trade doesn’t just move in containers, it moves in code, our entire trade flow depends on invisible software and digital supply chains. If the software in your trade pipeline can’t be verified, it can’t be trusted, and if it can’t be trusted we are all exposed!
techUK’s Trade Campaign Week 2025 brings together industry voices, policymakers and thought leaders to explore how technology is reshaping the global trade landscape. Throughout the week, we’ll highlight key issues at the intersection of trade, security and innovation, from navigating geopolitical uncertainty to unlocking the potential of emerging tech.
techUK International Policy and Trade Programme activities
techUK supports members with their international trade plans and aspirations. We help members to understand market opportunities, tackle market access barriers, and build partnerships in their target market. Visit the programme page here.
techUK's first delegation to India
techUK’s international team was proud to lead our first-ever members delegation to India
Our members develop strong networks, build meaningful partnerships and grow their businesses as we all work together to create a thriving environment where industry, government and stakeholders come together to realise the positive outcomes tech can deliver.
Sabina Ciofu is International Policy and Strategy Lead at techUK, where she heads the International Policy and Trade Programme. Based in Brussels, she shapes global tech policy, digital trade, and regulatory cooperation across the EU, US, Canada, Asia-Pacific, and the Gulf region. She drives strategy, advocacy, and market opportunities for UK tech companies worldwide, ensuring their voice is heard in international policy debates.
With nearly a decade of previous experience as a Policy Advisor in the European Parliament, Sabina brings deep expertise in tech regulation, trade policy, and EU–US relations. Her work focuses on navigating and influencing the global digital economy to deliver real impact for members.
A passionate community-builder, Sabina co-founded Young Professionals in Digital Policy (800+ members) and now runs Old Professionals in Digital Policy (more experience, better wine, earlier nights). She is also the founder of the Gentlewomen’s Club, a network of 500+ women supporting each other with kindness.
She holds advisory roles with the UCL European Institute, Café Transatlantique (a network of women in transatlantic tech policy), and The Nine, Brussels’ first members-only club for women.
Recognised by ComputerWeekly as one of the most influential women in UK tech, Sabina is also a sought-after public speaker on tech, trade and diversity.
Sabina holds an MA in War Studies from King’s College London and a BA in Classics from the University of Cambridge.
Senior Policy Manager for International Policy and Trade, techUK
Daniel Clarke
Senior Policy Manager for International Policy and Trade, techUK
Dan joined techUK as a Policy Manager for International Policy and Trade in March 2023.
Before techUK, Dan worked for data and consulting company GlobalData as an analyst of tech and geopolitics. He has also worked in public affairs, political polling, and has written freelance for the New Statesman and Investment Monitor.
Dan has a degree in MSc International Public Policy from University College London, and a BA Geography degree from the University of Sussex.
Outside of work, Dan is a big fan of football, cooking, going to see live music, and reading about international affairs.
Theo joined techUK in 2024 as EU Policy Manager. Based in Brussels, he works on our EU policy and engagement.
Theo is an experienced policy adviser who has helped connect EU and non-EU decision makers.
Prior to techUK, Theo worked at the EU delegation to Australia, the Israeli trade mission to the EU, and the City of London Corporation’s Brussels office. In his role, Theo ensures that techUK members are well-informed about EU policy, its origins, and its implications, while also facilitating valuable input to Brussels-based decision-makers.
Theo holds and LLM in International and European law, and an MA in European Studies, both from the University of Amsterdam.
Tess joined techUK as an Policy and Public Affairs Team Assistant in November of 2024. In this role, she supports areas such as administration, member communications and media content.
Before joining the Team, she gained experience working as an Intern in both campaign support for MPs and Councilors during the 2024 Local and General Election, and working for the Casimir Pulaski Foundation on defence and international secuirty. She has worked for multiple charities, on issues such as the climate crisis, educational inequality and Violence Against Women and Girls (VAWG). In 2023, Tess obtained her Bachelors of Arts in Politics and International Relations from the University of Nottingham.
