What’s putting your business at risk?
Cyber Quiz:
A) Your customers
B) Your customers’ suppliers
C) Your own suppliers
D) All of the above
Correct answer: D. All of the above.
Jaguar Land Rover suffered a serious cyber attack that exposed a vulnerability in their supply chain. Because JLR itself was compromised, the effects rippled through the business and beyond, disrupting production, impacting partners and delaying supplier payments.
That event offers a stark lesson for all businesses: you don’t just need to worry about your own security—you need to worry about your customers’ security, and their customers’ too.
It’s a domino effect
Here’s the scenario.
- You provide services or products to Client A.
- Client A in turn relies on Supplier B, Supplier C, or even a chain of further suppliers.
- One link in that chain, say Supplier C, suffers a cyber incident.
- The disruption affects Client A’s operations.
- You feel the impact: delayed delivery, inability to fulfil orders, reputational damage, or even losing your contract entirely.
In extreme cases, the disruption could hit a large customer that represents a substantial share of your revenue. If that customer pulls out, the financial damage can be existential. All because a supplier several steps removed failed to take cyber security seriously.
You didn’t cause the breach. But you still suffer the consequences.
Ask the tough questions
So how do you protect yourself? You start by embedding cyber resilience into your commercial relationships. Some ideas:
Know your customers’ customers
Don’t just service your direct clients. Ask them: Who are your key customers? Who else do you depend upon? Understanding their supply chain gives you foresight into where vulnerabilities may lie.
Require cyber safeguards as a condition of doing business
If a supplier wants to work with you (or your client), insist they demonstrate basic cybersecurity hygiene. In the UK, Cyber Essentials is a credible benchmark. You could require your suppliers (or your clients’ suppliers) to hold it (or an equivalent certification) if they want to do business with you.
Include contractual obligations for cyber resilience
In contracts or service agreements, include clauses that require suppliers to notify you immediately of breaches, to maintain certain standards, to allow audits, or to mitigate risk for third parties downstream.
Audit (or spot-check) your supply chain
Wherever practical, carry out security due diligence. This doesn’t necessarily mean deep forensics, but at least verify that key suppliers are applying patching, access controls, backups, and basic cybersecurity procedures.
Educate your clients and partners
Many businesses don’t think in terms of supply chain risk. You can position yourself as a trusted advisor by helping clients understand why their own suppliers matter, and helping them build security policies upstream.
Cyber Essentials isn’t optional anymore
Following the JLR breach, Chris Bryant MP called Cyber Essentials:
“…highly effective in preventing common attacks, reducing the likelihood of a cyber insurance claim by 92%.”
It’s not just a certificate, it’s a commercial signal that your business takes cyber seriously. And increasingly, it’s becoming a requirement in contracts, tenders, and supply chain policies.
What Can You Do?
At nTrust, we help UK SMEs:
- Get certified with Cyber Essentials
- Assess supply chain risk
- Strengthen resilience through practical, affordable security steps
So, what’s your next move?
A) Ignore it and hope for the best
B) Contact nTrust for a free, no-obligation discussion
C) Ask your suppliers to do the same
Our mission is to make sure your business, and everyone you depend on, is prepared.
Give us a call on 03331 50 60 70 or send us a message.