By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
DenyAccept

Identifying Concentration Risks in Financial Services Supply Chains

Supply chain cyber attacks are rising, exposing financial institutions to risks hiding deep in their supply chains.

Despite regulatory mandates, firms struggle to map and analyse their extended supplier ecosystems, leaving both individual organisations and the broader financial system vulnerable.

In a trial project with just six financial institutions, nearly 1,300 suppliers were identified, exposing deep interdependencies across their supply chains. Despite the small number of participants, 47 potential systemic concentration risks emerged, none of which would have been visible to any firm on its own.  

This project's findings demonstrate that true cyber resilience and effective third-party risk management can only be achieved through industry-wide collaboration.

Download the Report today.

National Health Service
BAE Systems
British Airways
Telenor
UK Power Networks
Beazley
Civil Aviation Authority
Village Hotels
SGN
Succession Wealth
Admiral
First Sentier Investors
Welsh Water
United Utilities
Simply Business
Times Higher Education World University Rankings
City Fibre
Go Ahead
Pennon
Govia Thameslink Railway
Allica Bank
Schroders Personal Wealth
Anglian Water
Octopus Investments
Gnatta
Synectics Solutions
PR Gloo
UK Health Security Agency
Manchester Police
Department for Environment & Rural Affairs
Grant Thorton
Police Digital Service
Cheshire Constabulary
Westminster Council
Southern Water
Yorkshire Water
Portsmouth Water
Thames Link
Upvest
Crowe
Zenseact
National Health Service
BAE Systems
British Airways
Telenor
UK Power Networks
Beazley
Civil Aviation Authority
Village Hotels
SGN
Succession Wealth
Admiral
First Sentier Investors
Welsh Water
United Utilities
Simply Business
Times Higher Education World University Rankings
City Fibre
Go Ahead
Pennon
Govia Thameslink Railway
Allica Bank
Schroders Personal Wealth
Anglian Water
Octopus Investments
Gnatta
Synectics Solutions
PR Gloo
UK Health Security Agency
Manchester Police
Department for Environment & Rural Affairs
Grant Thorton
Police Digital Service
Cheshire Constabulary
Westminster Council
Southern Water
Yorkshire Water
Portsmouth Water
Thames Link
Upvest
Crowe
Zenseact
Network Trace

What you will learn in this report

Overview

The key challenges with traditional TPRM and why it is no longer enough, the project objectives in detail and how they relate to new operational resilience regulations such as DORA, and what concentration risks are.

Key findings

How risk Ledger mapped out the extended supply chain dependencies of the participants from the 395 third parties provided, and what we discovered in terms of potential concentration risks at 3rd, 4th and nth party levels.

Challenges

The key challenges participants faced when individually trying to identify concentration risks in their supply chains, and how these can be overcome in future projects.

Recommendations & conclusions

Here, we suggest some recommendations for how concentration risks can be more effectively identified through leveraging the power of TPRM programmes and enhanced industry-wide collaboration.

Trapezoid
Pattern Trapezoid Mesh

Defend your supply chain with Risk Ledger.

Book a demo
© 2026 Risk Ledger Ltd
CookiesPrivacy PolicyTerms of ServiceSecurity ProfileVulnerability Disclosure Policy