Analysis

Age of Uncertainty: How to Secure Digital Supply Chains Amid Geopolitical Upheaval 

In this article, we examine the impacts of geopolitical uncertainty and trade tensions in 2025, and how organisations can secure their supply chains and minimise cybersecurity risks.


The geopolitical landscape is becoming ever more uncertain and volatile, and the speed of the changes transpiring would have been unthinkable only a few years ago. The increasing political tensions and worsening trade wars are anathema to continued globalisation and a highly interconnected world economy. Access to critical raw materials, supply chains as well as trade and financial flows are among the new weapons of choice being utilised in this worsening global standoff, which is trending fast towards a new bifurcation of world order. It remains to be seen whether we will see a new type of bipolar world order as during the Cold War, a new multipolarity based on a range of geopolitical, trading and currency blocs, or whether we will just experience an extended period of growing fragmentation.

All of this also makes our digital supply chain dependencies more vulnerable than ever to disruption and exploitation. Threat actors are preying on uncertainty and vulnerability, particularly in corporate supply chains where weaknesses in cyber-defences can often be more readily found. Given today’s complex digital supply chain relationships, supply chains have become a critical focus area for risk management and mitigation. In this article, we examine the fast-changing threat landscape facing organisations of all sizes, and explain the implications for supply chain cybersecurity and third-party risk management. 

Reshuffling the geopolitical cards 

In today’s shifting geopolitical landscape, long-established foundations and alliances have been called into question. The new US administration appears to be considering a U-turn on Ukraine, leaving many European leaders wondering how to respond and what to do next, while the new round of tariffs has added further fuel to the fire of the long-simmering global trade wars. 

Since his inauguration, President Trump has implemented 25% tariffs on global aluminium and steel imports, as well as blanket 25% tariffs on all imports from Canada and Mexico, with the exception of Canadian energy products, which had tariffs of 10% imposed on them. Moreover, the US has levied 10% tariffs on all imports from China, which have just recently been raised to 20%. 

In turn, Canada announced new tariffs on over $20 billion worth of US imports, targeting steel, aluminum, tools, computers, and sporting goods. This is in addition to the 25% tariffs imposed earlier in March. The EU plans to impose retaliatory tariffs on $28 billion worth of US goods starting April 1, 2025, while China retaliated with tariffs of 15% on coal and liquefied natural gas, and 10% on oil and agricultural machinery, effective February 10, 2025. On March 4, 2025, China announced additional tariffs on US agricultural products, including chicken, wheat, corn, and cotton. China has also added two US companies to its ‘unreliable entity list’ and launched an anti-trust investigation into Google. 

For the UK and other European countries, the global outlook is uncertain and the future direction unclear.
 

How trade wars are undermining supply chain cybersecurity

Geopolitical and geo-economic turbulence brings with it an increased risk of supply chain disruption. The ongoing conflicts in Eastern Europe, the South China Sea and around the Red Sea pose significant physical threats to supply chain operations, as well as to global stability. Events in any of these conflict areas have the potential to seriously inhibit the supply of critical resources. 

Similarly, tariffs and counter-tariffs are forcing companies to re-evaluate their supply chains and potentially shift reliance away from suppliers in highly sanctioned jurisdictions. These include the obvious candidates, such as Russia, China and allies, but could also include countries tempted by BRICS membership, including those in Africa and South-East Asia. For any organisation, changing sources of supply is always disruptive. Quickly switching to alternative suppliers or adopting dual sourcing in response to global events can inadvertently introduce new security risks into the supply chain. 

Global conflicts and diplomatic divisions are often the catalyst for an increase in cyber-attacks. Criminal groups sympathising with certain ideologies, or state-sponsored threat actors, pose a significant threat to organisations worldwide. Frequently, their attack paths are via organisations’ or sectors’ supply chains, where defences may be weaker. Recent high-profile examples of state-related attacks against critical national systems include Chinese hackers breaching a third-party vendor for the US Treasury Department in December 2024, gaining access to more than 3,000 unclassified files. Britain’s Ministry of Defence was attacked in May 2024 by Chinese hackers who targeted a third-party contractor to access personal details of members of the armed forces. In November 2023, Russian hackers attacked 22 Danish power companies to gain access to the country’s decentralised power grid. 

In response to this growing threat, governments around the world have introduced strict new legislation to boost supply chain cybersecurity and operational resilience. The new rules include the EU’s Digital Operational Resilience Act (DORA) and Network and Information Systems Directive 2 (NIS2), the UK’s Critical Third Parties (CTP) Regime and the upcoming UK Cyber Security and Resilience Bill. All of these regulations impose significant compliance burdens on organisations to demonstrate that their critical suppliers have strong enough defences in place that they do not pose a risk to their clients, or even to the stability of entire sectors. The need to monitor and manage suppliers and vendors across complex digital supply chains in order to maintain compliance places a considerable third-party risk management burden on organisations. 

Critical to protecting organisations and their systems from cyber-attack is the way data is hosted, processed and shared. Sensitive data needs to be protected from cyber-attack both in storage and in transit, meaning the cybersecurity standards of all companies in a supply chain need to be scrutinised and maintained at the highest level. The intricate, integrated nature of digital supply chains means that organisations have potentially thousands of connections with companies in their networks – any of which could provide an entry point for cybercriminals.
 

How should organisations respond to the changing global realities?

Ever-changing global relationships mean that organisations can no longer rely on a few critical suppliers. Diversification and dual-sourcing are the key to avoiding over-reliance on suppliers in countries that may become unreliable or sanctioned. 

Risk management teams need to maintain a watching brief on geopolitical events. Given the fast-changing situation, companies need to monitor shifts in allegiances and understand the implications for their suppliers in different regions, so they’re able to respond effectively to any disruption or trade restrictions. For the same reason, organisations should also monitor industrial policies, subsidies, tax incentives or market access restrictions that may affect suppliers.

Now is a good time to develop robust contingency plans, to be enacted in the event of any potential restrictions that impact access to products or services – including digital services hosted overseas. Contingency plans should include processes to follow in the event of a data breach or cyber-attack that undermines service delivery. This includes preparing for the type of widespread global disruption that was caused by the CrowdStrike incident.

Visibility of supply chain dependencies has become critically important in the changing global order. If organisations cannot see or monitor their critical third-party suppliers as well as the suppliers beyond those third parties, they could be exposed to significant risks that they are not even aware of. Ideally, organisations should be able to assess and monitor the security posture of all supply chain members, whether direct suppliers and vendors or more remote connections. Such visibility enables risks to be identified, monitored and mitigated, wherever they are in the supply chain – improving transparency and enabling traceability of risk throughout the supply network.
 

Prepare for uncertainty: Plan, monitor, adapt 

In today’s uncertain climate, governments are focusing on national security and protecting trade and investment – meaning organisations will need to adapt accordingly. Geopolitical tensions and escalating trade wars – accompanied by growing cybersecurity threats – mean that organisations worldwide need to focus on supply chain security and resilience. 

To adapt to the fast-changing global developments, organisations need to:

  • Actively monitor and understand geopolitical events and their likely impacts on supply chains. 
  • Diversify supply chains and use dual-sourcing to build resilience to fluctuating trade relations, restrictions and sanctions.
  • Reinforce their own cybersecurity defences as well as securing their supply chains. 
  • Address the risk of supply chain cyber-attacks by increasing visibility into the entire supply chain, so that vulnerabilities can be identified and mitigated early.
  • Develop robust contingency plans to establish effective responses to a range of disruptions, from supply interruptions to cyber-attacks.

How Risk Ledger can help: Continuous supply chain vigilance

Key to securing supply chains in a more volatile marketplace is knowing more about your suppliers through effective third-party risk assessment, monitoring and management. Risk Ledger is a cutting-edge third-party risk management platform that empowers security and procurement teams to Defend-as-One by visualising and managing their entire supply chain in real time. Our collaborative approach enhances supply chain security, reduces compliance burdens, and strengthens organisations’ defence, because every link matters in cybersecurity.

Risk Ledger works like a social network, where security teams at organisations are connected with the security teams of their suppliers at all times. Suppliers complete one risk assessment, keep it up to date, and share it with all their connected clients on the platform. Many suppliers also use the platform in their capacity as clients, assuring the security of their own supply chains. This creates the important middle links that allow Risk Ledger to map out organisations’ extended supply chain dependencies, far beyond third parties.

Risk Ledger can thus provide a unique visualisation of the wider supply chain ecosystem – including all the interdependencies and connections beyond immediate critical suppliers. This enables areas of concentration risk to be identified so that efforts to enhance resilience can be focused in these areas. Risk Ledger also generates alerts whenever there is a security breach or incident at any of the connected organisations – providing an early warning of potential supply chain impacts. In addition, sophisticated risk-scoring algorithms and reporting dashboards give participants real-time views into their exposure to third-party risk. 

The far-reaching supply chain insights and intelligence provided by Risk Ledger, together with real-time supply chain monitoring capabilities, give organisations the tools they need to manage and mitigate risks effectively in uncertain times.
