UK Government Releases New Anti-Ransomware Guidance to Strengthen Supply Chain Security

Published 2025-10-24 19:04:10 | www.computerweekly.com

Credibility: 75% | Risk Score: 56% | Likelihood: 7/10 | Impact: 8/10 | Priority: 4/5

The UK government has introduced new anti-ransomware guidance aimed at addressing supply chain vulnerabilities that have led to significant cyber incidents. Developed in collaboration with Singapore, the guidance outlines practical steps for organizations to enhance their supply chain security and prevent exploitation by cyber criminals.

The UK government has released new anti-ransomware guidance designed to address the weaknesses in supply chains that have been the ultimate source of many of the record 204 “nationally significant” incidents dealt with by the National Cyber Security Centre (NCSC) in the past year. Developed alongside the Singapore authorities as part of a joint commitment made last year under the auspices of the Counter Ransomware Initiative (CRI), the guidance aims to help organisations spot issues in their supply chains before cyber criminals are able to exploit them, and sets out several practical steps to check supplier security and guard against vulnerabilities.

The CRI is backed by over 67 countries – but not the US – and bodies such as Interpol and the World Bank. “Ransomware and cyber attacks pose an immediate and urgent threat to our nation’s security and economy,” said UK security minister Dan Jarvis. “We are taking decisive action to counter this threat, but global coordination is essential. Cyber security must be a top priority for all businesses. It’s vital that the counter-ransomware guidance is followed and strong measures are taken to defend against these destructive attacks.”

NCSC director for national resilience Jonathon Ellison added: “A ransomware attack on one organisation can severely disrupt entire supply chains, affecting businesses and services across the UK and beyond. We know that many of these incidents are preventable by implementing basic cyber security measures, such as the UK’s Cyber Essentials certification. We strongly urge organisations to follow the NCSC’s supply chain security guidance to help protect themselves, their partners, and the UK’s national cyber resilience.”

The guidance itself – available to read in full here – sets out a multi-step plan to enhance supply chain resilience. These steps emphasise factors such as the need to select suppliers that have implemented security controls aligned to the risk levels of the activity they are participating in; the need to communicate your organisation’s own security expectations to supplier partners; the need to build cyber into the contracting process; the need to conduct independent audits and tests of suppliers or require external accreditation from cyber technical authorities; and the need to insist upon cyber insurance policies being in place.

The guidance additionally advises organisations to work hand-in-hand with suppliers to review any incidents or near misses, exercise response plans, share new threat intelligence or revised best practices, and keep contracts updated to reflect the changing cyber security landscape. It also urges organisations to do more to drive dialogue and coordination across their supplier network and among their peers.

“Meticulously planning, investing in the right tools and running countless exercises are vital, but even so, nothing truly prepares you for the moment a real cyber event unfolds. The intensity, urgency and unpredictability of a live attack is unlike anything you can rehearse,” said Shirine Khoury-Haq, CEO of The Cooperative Group, which was hit by a massive ransomware attack in April that cost the group £206m. “What matters most is learning, building resilience, and supporting each other to prevent future harm. This is a positive step in the right direction for building a safer digital future,” she added.