Mapping cybersecurity risks to assess supply chain vulnerability from available data


Cybersecurity is one of the top-four issues mentioned by industry when it comes to supply chain risk. As information and data is increasingly shared across supply chains there are greater concerns about the need to understand and manage the risks of cyberattacks on an organisation’s supply chain. Addressing these issues will be critical to enabling increased collaboration across supply chains and is seen as one of the key concerns for data sharing.

Challenge Description

To understand supply chain vulnerabilities due to cybersecurity risk requires an understanding of the supply chain network, i.e. who is in your supply chain and whether they have exposure to cybersecurity risks.

In this challenge we are interested in testing whether supply chain cyber vulnerabilities and breaches can be found through available data whatever the source. We are aware that data mined from the dark web can identify cyber breaches and vulnerabilities within a company’s supply chain. This information can reveal  their exposure to data leaks, even when they may  not be aware of any breaches in their own business or supply chain. This will require both finding the data vulnerabilities and using these to build a picture of the potential supply chains and businesses exposed to these vulnerabilities. The ability to identify these vulnerabilities can then be offered as a service to industry.

Expected Outcomes

Taking a real example of a supply chain, demonstrate the potential cybersecurity vulnerabilities for that supply chain by using AI, machine learning or other digital approaches.

TRL level 4-5 demonstrator of the cybersecurity threats to a given supply chain and where those threats are likely to exist within the suppliers in that supply chain.

The focus should be on detecting potential breaches that could impact a businesses supply chain based on the weakest link approach.

Two dimensions should be considered:

  • The potential likelihood of a breach across a range of suppliers
  • The impact or severity of this for the business and supply chain