LONDON, 30th September 2025 — SecurityScorecard today launched a whitepaper to help UK firms prepare for the UK Cyber Security and Resilience Bill, which will bring supply chain resilience into regulation for the first time.
The Cyber Security and Resilience Bill, introduced in the July 2024 King’s Speech, aims to improve UK companies’ cyber readiness by proposing sweeping updates, expanding oversight to include Managed Service Providers (MSPs), data centres, and “Designated Critical Suppliers.” It mirrors the EU’s NIS2 directive in mandating 24-hour incident reporting and proactive supply chain risk assessments.
“The UK isn’t just under attack, it’s falling behind threat actors,” said Ryan Sherstobitoff, Field CTO at SecurityScorecard. “They exploited trusted partners in the Jaguar Land Rover, M&S, and European airport breaches, demonstrating that legacy compliance models can’t keep up with today’s threat velocity. The weakest link in your supply chain is now the front door.”
Implications of the New UK Cybersecurity and Resilience Bill
- Incident notification required within 24 hours; full report due in 72 hours.
- Regulators can recover costs and impose sector-specific obligations.
- Expanded oversight includes:
  - Small digital service providers
  - High-capacity data centres
- Emphasis on real-time monitoring and supply chain-wide accountability.
Key data points:
- 97% of the UK’s top 100 companies experienced a third-party breach; the same percentage had fourth-party compromises.
- 41.4% of ransomware attacks now originate via third-party access vectors.
- Companies with an “A” SecurityScorecard rating are 138.x less likely to be breached than those rated “F”.
- Communications and Healthcare sectors had the weakest cybersecurity posture:
  - Up to 70% of companies in these industries in the UK were rated “C” or lower.
“The lesson is simple,” Sherstobitoff added. “If you can’t see it, you can’t secure it. UK organizations need full visibility into their vendor ecosystem, before regulators or ransomware actors force their hand.”
Action Steps for UK Organisations
- Conduct third-party risk assessments aligned with NCSC’s Cyber Assessment Framework (CAF)
- Identify Designated Critical Suppliers
- Map supply chain dependencies
- Update incident response protocols to meet new deadlines
You can read the full whitepaper and prepare your organization for free here.
About SecurityScorecard
SecurityScorecard modernizes Third Party Risk Management (TPRM) using AI and threat intelligence to continuously manage, detect, and respond to global supply chain risk. The TITAN AI Platform unifies threat intelligence and third-party data to deliver real-time visibility and insights that accelerate both risk reduction and compliance. The AI platform is built to deliver the full spectrum of modern TPRM outcomes while strengthening resilience. It reduces compliance burden and administrative friction, drives measurable risk reduction, and prioritizes the most critical exposures. With robust reporting and streamlined workflows, it modernizes TPRM from a reactive compliance exercise into a proactive, risk-driven program.
Learn more at securityscorecard.com or follow us on LinkedIn.
Media Contact
10Fold for SecurityScorecard
securityscorecard@10fold.com