A supply chain attack occurs when threat actors compromise a trusted third party, such as a software vendor, hardware
supplier or service provider, to target an organisation indirectly. By infiltrating systems or products that the organisation
relies on, they can insert malicious code, manipulate updates or gain unauthorised access through trusted channels. These
attacks are especially dangerous as they exploit established trust and can affect multiple organisations downstream,
making them difficult to detect and contain.

In 2025, supply chain attacks have become a major cyber threat to UK organisations, with a rise in incidents targeting third-party providers. High-profile breaches have prompted the National Cyber Security Centre (NCSC) to provide guidance,
urging organisations to assess supplier risk and improve resilience. Yet, government data reveals that few businesses
actively review supply chain security, leaving many vulnerable to disruption.
