Government regulation could be on the way to force improvements in supply chain security after industry feedback and new research highlighted protection gaps.
Feedback from the government’s May 2021 call for comment confirmed several key obstacles facing businesses: low recognition of supplier risk; limited supply chain transparency; inadequate tools for assessing supplier risk; and “Restrictions on action due to structural imbalances”.
The government was pursuing several possible “interventions” to improve the situation, including more advice and guidance, improved access to skilled workers and the right products, and regulation, which reportedly more respondents described as “very effective” than any other option.
In the future, IT service providers could be obliged to follow cybersecurity rules such as the National Cyber Security Centre (NCSC) Cyber Assessment Framework as part of a possible regulation.
The NCSC currently offers specific guidelines on supply chain security and supplier assurance, which could also be integrated into future requirements.
In addition, the government was considering the prospect of new public procurement rules to ensure the public sector purchases services from companies with good cybersecurity standards.
The news arrives on the day the government released a new study of chairs, CEOs and directors of leading UK companies. It showed that almost a third (31%) do not actively manage cyber risks in their supply chain.
A similar number do not inform the board of directors about such risks (35%) or do not include supply chain risks in written documentation (32%).
A third (34%) of the respondents also called for greater awareness, training and further education of the board members in order to improve decision-making on questions of cyber resilience.
A quarter (24%) said they worked more with outside experts, while a fifth (21%) said regular updates and reports would help.