Nearly every UK company hit by supply chain attacks despite big spending

BlueVoyant has released its sixth annual State of Supply Chain Defense report, offering a detailed look at how third-party risk is handled across regions, industries, and maturity levels.
The findings show widening gaps between investment and outcomes, rising breach rates, and growing use of AI to support vendor oversight. The research surveyed one thousand eight hundred senior IT leaders across eleven countries, including three hundred from the UK, and reveals how UK organizations compare with global trends.
Only forty-five percent of UK organizations say they’ve established or optimized their third-party risk management programs. Nearly all respondents -- ninety-eight percent -- report being negatively affected by supply chain breaches in the past year.
The UK also recorded the highest average breach rate at 4.1 incidents per organization, showing that risk exposure remains high even among companies with structured programs in place.
AI adoption is expected to increase over the next twelve months. UK firms plan to use AI for continuous monitoring, questionnaire management, and risk reporting. Sixty-eight percent expect to apply AI to ongoing supplier monitoring, fifty-seven percent to questionnaire workflows, and forty-three percent to reporting. BlueVoyant says automation is becoming essential as vendor ecosystems grow.
Organizational barriers continue to hold programs back. Twenty-one percent of UK respondents say collaboration across internal stakeholders is the biggest challenge to maturing their programs. Senior leadership engagement is also limited. Only sixteen percent brief executives monthly or more often, the lowest rate of any region surveyed.
With most companies briefing leadership every three to six months, visibility into supply chain security clearly isn’t where it needs to be.
Vendor tiering and outsourcing patterns were also covered. Forty-three percent of UK firms outsource third-party risk data analysis, and thirty-six percent outsource monitoring, an increase from 2024. Tiering decisions are often based on contract value, cited by sixty-three percent of UK firms compared with fifty-four percent globally. Sixty percent tier vendors by operational importance.
Robert Hannigan, Chairman, International Business at BlueVoyant, said UK organizations still face a disconnect between investment and outcomes. “UK organizations are clearly advancing in third-party risk maturity, but the data shows a critical disconnect between investment and impact. Despite aggressive spending and strategic intent, breach rates remain the highest globally. To truly shift the needle, businesses must move beyond compliance-driven programs and embrace risk reduction as a core operational priority. While insurance requirements, contractual obligations, and board mandates are critical, if UK organizations were to achieve more effective risk reduction this would result in more meaningful compliance outcomes.”
With ninety-six percent of organizations expecting their vendor ecosystems to grow, the report says effective programs will need stronger executive involvement, tighter integration with enterprise risk systems, and better internal alignment to keep pace with expanding supply chain risk.