07/09/2025 | News release | Distributed by Public on 07/09/2025 01:18
In an increasingly interconnected world, the digital supply chain is no longer just a technical concern - it's a strategic imperative. As geopolitical tensions rise and trade becomes more digitised, the security of our digital infrastructure is now directly tied to national resilience, economic stability, and international trust. Just like our experience of the global pandemic, digital infections can move silently, across borders, and can disrupt global systems and services.
I've seen first-hand how cyber threats targeting supply chains can ripple across industries and borders. As threat actors move with impunity from sector to sector without any geographical boundaries to hold them back, exploiting inherent weaknesses in supply chain outsourcing, an indirect route with deep supplier networks to the knock-on effects on consumer and public services, the risks are real - and growing.
Recent high-profile incidents, such as the retail giant M&S, global airline Quantas, and one of the largest banks in Europe UBS, all victims of supply chain attacks, which shows how a single vulnerability can cascade across global systems, and impact millions of citizens with a price tag to match.
The implications go far beyond IT. When the NHS was hit by a ransomware attack on a third-party provider, it wasn't just a cybersecurity issue - it became a national health emergency. In today's world, a compromised supply chain can disrupt everything from healthcare to financial services to international trade.
The lines between trade, technology, and security are blurring. Cybersecurity is no longer just about protecting data - it's about safeguarding the flow of goods, services, and trust across borders.
Supply chain attacks exploit the very systems that enable global trade - cloud platforms, APIs, identity providers - and turn them into vectors for disruption. Because these systems are often shared across industries and nations, the impact is rarely contained.
This is why digital trust is now a cornerstone of international trade policy. The global threat landscape demands shared responsibility, interoperable standards and open cooperation to build digital supply chains that are resilient by design. A secure, and resilient digital infrastructure is essential to economic competitiveness and cross-border trade.
Countries around the world are waking up to the systemic risks posed by supply chain cyber-attacks. Yet we have globally fragmented cybersecurity laws, incident response disclosure mandates, and enforcement priorities which fail to enact a genuine coordinated incident response. For example, the EU NIS2 Directive and the US cyber incident reporting for critical infrastructure, alongside the proposed UK cyber resilience bill, all differ in scope and reporting timelines. That's not helpful or progressive in my opinion.
This lack of standardisation leads to slower detection, inconsistent mitigation, and poor attribution, the global community must do better, no one enterprise or government secures the global digital supply chain alone.
To build a more resilient digital ecosystem. But we must go further - embedding cybersecurity into the very fabric of trade agreements, procurement policies, and digital infrastructure planning.
The good news? The risks associated with many supply chain attacks can be reduced. A few key practices can dramatically mitigate the risk:
But technical controls alone aren't enough. We need a mindset shift - one that treats cybersecurity resilience as a core component of trade policy and economic strategy.
As technology evolves, so do its threats. Quantum threats are on the horizon, but there is no evidence of post quantum crypto supply chain attacks yet, although this is a real issue. At present we are seeing signs of:
Staying ahead of these threats will require continuous innovation, international collaboration, and a cohesive commitment to digital resilience, beyond voluntary codes of practice.
Securing digital trade is not just possible - it's essential. Much of the worlds trade is digital, from communication, payments, logistics and customs. One compromised vendor can paralyse ports, hijack contracts or leak IP. When digital trade grows, so does the attack surface. Secure by Design platforms, trusted vendors, and proven code should be non-negotiable.
As we navigate tech, trade, and security, one thing is clear to me, trade doesn't just move in containers, it moves in code, our entire trade flow depends on invisible software and digital supply chains. If the software in your trade pipeline can't be verified, it can't be trusted, and if it can't be trusted we are all exposed!
For many more insights and resources, head over to QA.com (UTM: https://www.qa.com/resources/blog/?utm_source=techuk&utm_medium=publisher&utm_campaign=TECHUK-CAMPAIGN-WEEKS_QAUK_B2B_UK_FY26_AO&utm_content=techuk-website)
techUK supports members with their international trade plans and aspirations. We help members to understand market opportunities, tackle market access barriers, and build partnerships in their target market. Visit the programme page here.
New techUK report outlines key policy recommendations to boost the UK's growth through the tech sector amid global challenges, emphasising resilience, trade leadership, and strategic investment.
Read more
Sign-up to get the latest updates and opportunities from our International Policy and Trade programme.
Download
techUK members can get involved in our work by joining our groups, and stay up to date with the latest meetings and opportunities in the programme.
Learn more
Our members develop strong networks, build meaningful partnerships and grow their businesses as we all work together to create a thriving environment where industry, government and stakeholders come together to realise the positive outcomes tech can deliver.
Learn more
Associate Director - International, techUK
Policy Manager for International Policy and Trade, techUK
Policy Manager for International Policy and Trade, techUK
Dan joined techUK as a Policy Manager for International Policy and Trade in March 2023.
Before techUK, Dan worked for data and consulting company GlobalData as an analyst of tech and geopolitics. He has also worked in public affairs, political polling, and has written freelance for the New Statesman and Investment Monitor.
Dan has a degree in MSc International Public Policy from University College London, and a BA Geography degree from the University of Sussex.
Outside of work, Dan is a big fan of football, cooking, going to see live music, and reading about international affairs.
Email: [email protected]Policy Manager - EU, techUK
Head of Market Access and Consumer Tech, techUK
Team Assistant, Policy and Public Affairs, techUK
Director of Cyber, QA Ltd
Read lessmore