
Supply chain incidents are increasing and can cause significant operational and financial disruption. Recent cyberattacks on UK organisations, ranging from supermarkets to the automotive and aviation sectors, demonstrate how trusted supplier relationships can be exploited, leading to widespread impact. This bulletin summarises what happened, why it happened, and practical steps for businesses to reduce supply chain risk. 

 

1. Recent UK Supply Chain Incidents

Co-op (April 2025) 

  • Sensitive data of 6.5 million members were exfiltrated, and food supply chains were disrupted for several weeks. 
  • Financial losses amounted to approximately £220 million. 

Marks & Spencer (M&S, Easter 2025) 

  • Contractors were tricked into resetting MFA-protected accounts through the help desk, giving attackers the access needed to deploy ransomware. 
  • Online ordering was offline for weeks; profit was reduced by £300 million and market value fell by over £1 billion. 

Jaguar Land Rover (JLR, August 2025) 

  • A supply chain ransomware attack forced global production shutdowns for nearly one month. 
  • Costs were estimated at £50 million per week; thousands of jobs were at risk, and dealerships were unable to register new vehicles. 

Collins Aerospace (September 2025) 

  • Ransomware compromised the MUSE check-in system after attackers exploited unpatched API vulnerabilities, resulting in hundreds of flight cancellations. 
  • Industry losses were estimated at over £130 million. 

Salesloft / Salesforce Compromise 

  • OAuth tokens for integrations were compromised, allowing unauthorised access to downstream customer systems. 
  • Over 700 organisations were affected globally, highlighting the risks from supplier integrations. 

 

2. Why These Incidents Occurred

  • Social Engineering and Human Error: Phishing and manipulation of contractors. 
  • Supply Chain Vulnerabilities: A single vendor compromise can paralyse entire ecosystems. 
  • Legacy Systems and Poor Patch Management: Outdated OT/IT systems provided exploitable weaknesses. 
  • Centralisation and Single Points of Failure: One system outage caused widespread disruption. 
  • Weak Identity Controls: Multi-factor authentication that could be reset on request was insufficient on its own, and phishing-resistant methods were often missing. 

3. Impact

  • Financial: Hundreds of millions of pounds lost. 
  • Operational: Empty shelves, halted production, grounded flights. 
  • Reputational: Customer trust and market value were damaged. 
  • Regulatory and Legal: Potential fines and GDPR investigations. 

 

4. Practical Actions for Businesses

Identity and Access Management 

  • Use phishing-resistant multi-factor authentication, such as hardware keys or passkeys. 
  • Enforce least privilege for supplier accounts and segment the networks and systems they can reach, so a compromised vendor login cannot traverse the whole estate. 

Supply Chain and Vendor Security 

  • Evaluate suppliers’ cybersecurity before, during, and after engagement. 
  • Audit high-risk vendors and embed contractual security obligations. 
  • Implement the UK NCSC’s 12 supply chain security principles. 

Patch and Vulnerability Management 

  • Prioritise critical vulnerabilities and automate patching where feasible. 

Incident Response and Resilience 

  • Maintain offline backups and rehearse ransomware recovery regularly, including restoring from those backups. 
  • Develop manual fallback processes for critical operations. 

Employee Awareness 

  • Train staff to detect phishing and social engineering attacks. 
  • Harden help desks with strict identity verification for password resets and requests. 

Monitoring and Early Detection 

  • Use advanced monitoring, anomaly detection, and selective deception technologies. 
  • Prioritise monitoring of high-risk supplier integrations: where their tokens are used from, which data objects they touch, and how much data they pull compared with their agreed baseline. 
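The Salesloft / Salesforce incident above shows why integration tokens deserve their own monitoring: a stolen OAuth token looks like a legitimate supplier call unless its behaviour is compared with what that supplier was onboarded to do. The script below is an added example, not code from this bulletin or from any vendor; it checks constructed API audit log lines against an assumed per-integration baseline (permitted source CIDRs, permitted objects, a per-call row ceiling) and lists the tokens whose use pattern warrants revocation. The log format, field names, integration names and baseline values are all assumptions made for illustration.

```python
"""Flag anomalous use of supplier-integration OAuth tokens in API audit logs.

Added example; not code from the bulletin. The log format, the integration
names and the baseline below are constructed assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime
import ipaddress

# Constructed sample audit lines: timestamp, integration (connected app),
# OAuth token id, source IP, API object read, number of records returned.
# The last three SalesSyncIntegration lines model a stolen token being used
# from a new network to bulk-read data outside the integration's scope.
SAMPLE_LOG = """\
2025-08-10T09:00:01Z app=SalesSyncIntegration token=tok_a1 src=203.0.113.10 object=Account rows=120
2025-08-10T09:05:12Z app=SalesSyncIntegration token=tok_a1 src=203.0.113.10 object=Contact rows=95
2025-08-10T09:10:44Z app=SalesSyncIntegration token=tok_a1 src=203.0.113.11 object=Account rows=80
2025-08-10T22:41:03Z app=SalesSyncIntegration token=tok_a1 src=198.51.100.7 object=Case rows=50000
2025-08-10T22:42:15Z app=SalesSyncIntegration token=tok_a1 src=198.51.100.7 object=Account rows=48000
2025-08-10T22:43:09Z app=SalesSyncIntegration token=tok_a1 src=198.51.100.7 object=Contact rows=51000
2025-08-10T10:00:00Z app=TicketBridge token=tok_b2 src=192.0.2.5 object=Case rows=30
"""

# Assumed baseline agreed with each supplier at onboarding: the networks the
# integration calls from, the objects it may read, and a per-call row ceiling.
BASELINE = {
    "SalesSyncIntegration": {
        "cidrs": ["203.0.113.0/24"],
        "objects": {"Account", "Contact"},
        "max_rows": 1000,
    },
    "TicketBridge": {
        "cidrs": ["192.0.2.0/24"],
        "objects": {"Case"},
        "max_rows": 500,
    },
}


def parse_line(line):
    """Parse one 'ts key=value ...' audit line into a dict."""
    ts, *kv = line.split()
    fields = dict(part.split("=", 1) for part in kv)
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    fields["rows"] = int(fields["rows"])
    return fields


def check_event(ev):
    """Return (kind, detail) findings for one event against the baseline."""
    base = BASELINE.get(ev["app"])
    if base is None:
        # A connected app nobody onboarded is itself a finding.
        return [("unknown_integration", ev["app"])]
    findings = []
    src = ipaddress.ip_address(ev["src"])
    if not any(src in ipaddress.ip_network(c) for c in base["cidrs"]):
        findings.append(("source_outside_baseline", ev["src"]))
    if ev["object"] not in base["objects"]:
        findings.append(("object_outside_scope", ev["object"]))
    if ev["rows"] > base["max_rows"]:
        findings.append(("bulk_read", ev["rows"]))
    return findings


def analyse(log_text):
    """Group findings by token so the response can be per credential."""
    alerts = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        for kind, detail in check_event(ev):
            alerts[ev["token"]].append((ev["ts"].isoformat(), kind, detail))
    return dict(alerts)


def tokens_to_revoke(alerts):
    """Tokens used from outside the baseline AND doing something the
    integration was never scoped for: treat as stolen and revoke."""
    revoke = set()
    for token, findings in alerts.items():
        kinds = {kind for _, kind, _ in findings}
        if "source_outside_baseline" in kinds and kinds & {"bulk_read", "object_outside_scope"}:
            revoke.add(token)
    return revoke


if __name__ == "__main__":
    found = analyse(SAMPLE_LOG)
    for token, findings in found.items():
        for ts, kind, detail in findings:
            print(f"{ts} {token} {kind} {detail}")
    print("revoke:", sorted(tokens_to_revoke(found)))
```

The baseline is the important part: it has to be written down at onboarding, in the contract or the integration runbook, or there is nothing to compare against. A single finding (one call from a new IP after a supplier's cloud migration) is worth a ticket; the combination of a new source network with bulk reads or out-of-scope objects is the pattern that should trigger immediate token revocation and a call to the supplier.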

 

5. Critical Insights

  • Treat suppliers as part of the internal security perimeter. 
  • Privileged access from vendors can be exploited; enforce strong controls. 
  • Proactive, layered cybersecurity, encompassing technology, processes, and people, is essential. 
  • Supply chain security equates to business continuity, trust, and resilience. 
