Every Link Matters:
The State of Supply Chain Security in UK Insurance 2025
90% of UK Insurers' security teams experienced at least one incident in their supply chain in the past year, while 10% experienced three or more
The UK insurance sector is a pillar of the national economy. But as the industry races to digitalise, its reliance on a vast ecosystem of third-party vendors and service providers has created an expanding web of vulnerabilities.
With 90% of UK insurance professionals reporting at least one supply chain cyber incident in the past year, and 94% ranking this threat among their top three concerns for 2025, the stakes have never been higher.
Our new report, "Every Link Matters: The State of Supply Chain Security in Insurance 2025 - UK Edition," provides a comprehensive analysis of the risks facing the sector. Based on a dedicated survey of cyber security and risk management professionals, this report is essential reading for anyone serious about safeguarding the future of the industry.
Learn about the scale of the threat facing the UK Insurance industry.
Gain insights into the greatest shortcomings with traditional TPRM and how they prevent TPRM from being more effective at reducing the risk of supply chain attacks.
62% organisations said that their TPRM function either only occasionally or rarely collaborate with their industry peers
Get a data-backed understanding of the supply chain cyber risk landscape, including the frequency of attacks and the most vulnerable points in the ecosystem.
Discover why legacy third-party risk management (TPRM) frameworks are no longer sufficient to address the scale and complexity of modern threats.
Learn how enhanced collaboration and information sharing can uncover systemic risks that are invisible to single organisations.
What you will learn:
📈 The Rise of Supply Chain Attacks
This section provides an overview of the global cyber landscape and its impact on the UK insurance sector. You will learn that the sector's reliance on technology and external partners has created a web of dependencies that are vulnerable to exploitation. IT service providers (26%) and cloud/SaaS vendors (22%) are perceived as the most vulnerable points in the supply chain.
🔍 Is Third-Party Risk Management Fit for a New Era?
This part scrutinises the effectiveness of traditional TPRM practices, which historically rely on static questionnaires and periodic assessments. While 54% of respondents report conducting continuous monitoring, a significant 46% still use quarterly, biannual, or less frequent reassessments, creating significant gaps in risk visibility. Other key shortcomings cited by respondents include the lack of visibility into supply chain dependencies and insufficient industry-wide collaboration.
🕸️ Supply Chain Visibility and Concentration Risks
Regulators are increasingly prioritising enhanced supply chain visibility and the identification of systemic risks. This section defines different types of concentration risks and highlights their potential for cascading impacts. You will discover that only 36% of survey respondents report full visibility into all tiers of their extended supply chain, leaving the majority of the sector exposed to unseen vulnerabilities.
🤝 How Collaboration Can Transform Supply Chain Resilience
This chapter explores how collaboration with industry peers can transform supply chain security. While nearly half (46%) of TPRM functions regularly collaborate with peers, barriers remain. The report provides a real-world example of how sharing supply chain maps on a collaborative platform enabled a community of financial services clients to uncover deep dependencies and mitigate systemic risks that would have been impossible to identify in isolation.
This report is essential reading for CISOs, risk managers, supply chain leaders, and anyone responsible for securing third-party ecosystems within the UK Insurance industry. It offers an unfiltered view into how cyber security and risk professionals across the industry perceive the growing threat from supply chain attacks and what they’re doing about it.
You’ll uncover why traditional, siloed TPRM approaches are no longer enough, and how a more collaborative model is already taking shape in highly regulated industries.
The report also explores how deeper collaboration between organisations is already enabling enhanced visibility across supply chains, revealing hidden dependencies and previously undetected systemic risks that could affect entire sectors. The report showcases how a community of peers was able to identify 92 potential concentration risks by collaborating on a single platform.
