Supply chain disruption has recently become a global issue for businesses and is thought to be caused by a culmination of factors. In the previous instalments in this series, we investigated how these disruptions have impacted businesses in recent years, what businesses should be aware of in 2025 and the impact on insurance premiums.

This article serves as part three in this series and will focus on how supply chains are impacted by cyberattacks.

How significant are cyberattacks to businesses?

Cybersecurity breaches have continued to rise. In the last 12 months alone, over 50% of businesses and 32% of charities have experienced a cyber-attack or breach. The most common of which was due to phishing, impacting over 83%.

In 2024, cyber-attacks were the second-biggest disruptor of the supply chain for organisations. The only cause to top cyber-attacks was third-party failure.

Will cyberattacks continue to be a prominent concern?

According to the BCI Supply Chain Resilience Report 2024, cyber-attacks were ranked as the biggest concern over the next year for the majority of their respondents[1].

It comes as no surprise that as Artificial Intelligence (AI) develops, these attacks will become increasingly sophisticated. To reduce the potential impact of cyber threats on the supply chain, it is essential to make cybersecurity a priority.

What can businesses do to protect themselves against cyberattacks?

First off, don’t panic! It’s easy to get overwhelmed when you consider the risk of cyberattacks, but we’re here to help with that. Break down your cybersecurity strategy into digestible chunks that you can work through.

The National Cyber Security Centre recommends five steps[2]:

1. Back up your data

Back up all your business-critical data on a regular basis. This means that in the event of an attack, you are still able to operate.

2. Prevent malware gaining access

Malware is malicious software that can infiltrate your business and cause chaos. The most well-known form is viruses, but you can install antivirus software to combat these. You can also keep devices safe by:

• Ensuring all software is updated with the latest versions.
• Avoid downloading apps unless you know they are safe.
• Avoid connecting any non-company issued devices to your equipment.
• Creating a firewall.
• Training staff effectively to know what to look for.

3. Secure your devices

We recently released an article as part of our cybersecurity series which focused on how to secure your devices. Download the bitesize guide or read the full article.

4. Password-protect like a pro

One of the fundamentals of cybersecurity is having strong passwords. All devices and software should have passwords in place and, where possible, two-step verification. Try to avoid predictable passwords and have measures in place to help your staff cope with the volume of passwords. The National Cyber Security Centre recommend avoiding regular password changes unless password credentials are compromised[3].

5. Know what to look for during an attack

Your team is the frontline when it comes to protecting your business from cyberattacks. Make sure they are fully trained on what to look for and offer rewards for them for being observant – a team motivated to actively seek out cyberattacks could save you a lot of money and hassle in the long run. Should any attacks take place, do not punish your team – these attacks are carefully designed to avoid detection. Make sure to report all attacks through Action Fraud. 

What precautions can businesses put in place to help them in the event of a cyberattack?

To help your business bounce back after a cyberattack, ensure you are covered with dedicated cyber insurance.

Our cyber liability insurance includes cover for:

• Data recovery.
• Intellectual property theft.
• Cyber extortion.
• Hacker damage reimbursement.
• Business interruption including compensation for loss of income and reputational damage.

If you would like to find out more about cyber insurance, please speak to your usual Towergate adviser.

Consistent with our policy when giving comment and advice on a non-specific basis, we cannot assume legal responsibility for the accuracy of any particular statement. In the case of specific problems, we recommend that professional advice be sought.

Sources

[1] Latest BCI report reveals escalating supply chain disruptions drive increased tier mapping and insurance uptake | BCI.org

[2] Using passwords to protect your data | NCSC.gov.uk

[3] Latest BCI report reveals escalating supply chain disruptions drive increased tier mapping and insurance uptake | BCI.org