From Competitors to Partners: why peer communities are the new frontline in cyber defence

By Haydn Brooks, CEO of Risk Ledger.


The recent disruption at major European airports once again demonstrated that a single supplier incident can have cascading effects across an entire industry. The UK government’s preparations for the Cyber Security and Resilience Bill meanwhile signal a clear ambition to strengthen the security of UK critical national infrastructure. To truly boost national resilience, this vital legislative push must be accompanied by a paradigm shift in cyber security culture, transitioning from isolated self-reliance to a model of collective defence.

For decades, the standard approach to cyber security was simple: build the wall higher. While businesses naturally compete for customers and market share, they simultaneously adopted a siloed, every-organisation-for-itself model of cyber defence, almost entirely focused on securing their own organisational perimeters. This has at least partially been due to an understandable hesitancy of security teams to share risk intelligence with peers, fearing that disclosing details about cyber weaknesses, third-party vulnerabilities, or incidents could lead to reputational damage or expose them to further risk.

This traditional approach, however, is now untenable. The perimeter has moved well beyond a firm's own boundaries. Today, an organisation's security posture is inextricably linked to the vast ecosystem of third-party suppliers and external service providers that everyone increasingly relies on. Even organisations with strong internal security controls are vulnerable to weaknesses in these third-party suppliers. While the fallout was fortunately rather limited in this case, the recent attack on a check-in and boarding service vendor illustrates how an incident affecting a single supplier could, in other circumstances, escalate into a systemic risk for an entire industry.

To combat this reality, our defences must extend past internal systems and organisational boundaries to encompass the wider ecosystem of supply chain dependencies. This shift, from a single organisation’s perimeter to an ecosystem defence model, requires a new type of collaboration.

Beyond Compliance and Contracts

The concept of collaboration, of course, is not foreign to the security world. For years, threat intelligence (threat intel) teams have successfully exchanged data and mitigation strategies through trusted networks like the Information Sharing and Analysis Centers (ISACs). This cultural precedent, however, has yet to take root in Third-Party Risk Management (TPRM).

While threat intel teams share attack signatures, TPRM teams rarely share detailed information about supplier security postures or identified weaknesses. Consequently, supply chain risks remain dangerously siloed, with each organisation limited to its own costly, reactive, and resource-intensive risk management efforts. In fact, recent data shows that over a third of UK cyber security professionals see the lack of collaboration and information sharing with peers as a key shortcoming in managing cyber risks.

Commercial competitors within the same industries, and often sharing overlapping supply chains, must recognise their interdependence and agree to share relevant, risk-scoped data on their common suppliers with each other.

Bolstering sectoral resilience requires collaboration

Regulators are increasingly aligned with this vision. Bodies such as the Bank of England, Financial Conduct Authority and Prudential Regulation Authority are supporting more collaboration and collective defence, and are seeking a clearer picture of the financial sector’s overall supply chain cyber risk exposure—not least to be able to identify systemic concentration risks. The forthcoming Cyber Security and Resilience Bill is expected to formalise greater scrutiny of critical suppliers and enhance incident reporting, driving a collective need for better data.

It is important to recognise, however, that individual organisations, no matter how diligent, cannot identify systemic concentration risks on their own. Shared reliance on common suppliers often remains invisible within isolated TPRM efforts. Only through collaboration—where multiple organisations pool data and map out the entire sector’s supply chain ecosystem together—can these shared dependencies be uncovered. This collective visibility is crucial to reveal critical suppliers whose compromise could cascade into widespread disruption throughout an industry. Without such cooperative efforts, systemic risks remain hidden and unmitigated, leaving sectors vulnerable to attacks that exploit these concentration risks.
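The concentration analysis described above, as an added illustration that is not part of the original article: given each sector member's supplier list (constructed sample data with hypothetical organisation and supplier names), pooling the lists reveals which suppliers a large share of the sector depends on, something a single organisation's isolated TPRM view cannot rank.

```python
from collections import defaultdict
from typing import Dict, List, Set

# Constructed sample data (hypothetical names): each sector member's
# risk-scoped contribution is just the set of suppliers it depends on.
# In the isolated TPRM model each member only ever sees its own row.
SECTOR: Dict[str, Set[str]] = {
    "AirlineA": {"CheckInVendor", "CloudHostX", "CateringCo"},
    "AirlineB": {"CheckInVendor", "CloudHostX", "FuelLogisticsY"},
    "AirlineC": {"CheckInVendor", "GroundHandlingZ"},
    "AirportOps": {"CloudHostX", "GroundHandlingZ", "BaggageSystemsQ"},
}


def pooled_dependency_map(sector: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Invert the pooled data: supplier -> set of members relying on it."""
    deps: Dict[str, Set[str]] = defaultdict(set)
    for org, suppliers in sector.items():
        for supplier in suppliers:
            deps[supplier].add(org)
    return dict(deps)


def concentration_risks(sector: Dict[str, Set[str]], min_share: float = 0.5) -> Dict[str, float]:
    """Suppliers relied on by at least min_share of the sector's members,
    mapped to the fraction of members that depend on them."""
    members = len(sector)
    deps = pooled_dependency_map(sector)
    return {s: len(orgs) / members for s, orgs in deps.items()
            if len(orgs) / members >= min_share}


def blast_radius(sector: Dict[str, Set[str]], supplier: str) -> List[str]:
    """Members that would be disrupted if this one supplier were compromised."""
    return sorted(pooled_dependency_map(sector).get(supplier, set()))


def isolated_view(sector: Dict[str, Set[str]], org: str) -> Dict[str, float]:
    """The same analysis run on a single member's data alone: every supplier
    scores 1.0, so concentration across the sector is invisible."""
    return concentration_risks({org: sector[org]})


if __name__ == "__main__":
    print("sector concentration:", concentration_risks(SECTOR))
    print("blast radius of CheckInVendor:", blast_radius(SECTOR, "CheckInVendor"))
    print("what AirlineA sees alone:", isolated_view(SECTOR, "AirlineA"))
```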

The benefits of collaboration are clear: if TPRM teams share relevant data, organisations could spot systemic weaknesses before they are exploited, coordinate remediation efforts, and collectively engage suppliers to strengthen their defences. Protecting critical sectors such as finance, healthcare, and energy requires this collective resilience.

The future of cyber defence thus lies not simply in better technology, but in the willingness to act collectively. By fostering TPRM peer communities within the same industries, organisations can ensure that while they may compete for market share, they stand united in their fight against a shared and increasingly complex threat environment.
