Nearly a third of bosses report increase in cyber-attacks on their supply chains

Almost a third of bosses have reported an increase in cyber-attacks on their supply chains over the past six months, as the fallout from devastating hacks on corporate stalwarts including Jaguar Land Rover highlighted a growing threat to businesses.

Cyber threats have risen up the list of concerns for procurement managers at hundreds of companies worldwide across industries including manufacturing, energy and technology, according to a survey conducted in September by industry body the Chartered Institute of Procurement and Supply (Cips).

Recent hacks at companies including Marks & Spencer and the Co-op have cost them tens of millions of pounds, moving cyber resilience from the focus of businesses’ IT departments to a preoccupation of their boards and senior management.

Fears about the impact of geopolitical instability, including conflict in the Middle East, and the introduction of Donald Trump’s tariffs weighed on procurement bosses in the first half of the year, according to previous Cips surveys, which recorded the highest levels of short- and longer-term anxiety over supply chains.

However, cyber threats are now rivalling geopolitical shocks and tariff disputes as the biggest risk for members of the international trade association, which represents 64,000 member organisations in procurement and supply chains across 150 countries.

The survey found that 29% of managers reported companies in their supply chains had been attacked in recent months.

JLR’s factories have been closed and unable to produce vehicles for a month, after a cyber-attack that forced it to turn off computer systems in the UK, Slovakia, India and Brazil. The cost of a month of shutdown at Britain’s largest automotive employer has been estimated at about £120m in profits, or £1.7bn in lost revenues, according to David Bailey, a professor of business economics at the University of Birmingham.

In late September, the Japanese brewing group Asahi became the latest company to be forced to stop production in its domestic factories after a cyber-attack.

The company, which has 30 plants in Japan making beer, other drinks and food, said its order processing capabilities, as well as shipping and call centre operations, had stopped after a systems outage caused by the cyber-attack.

“The nature of global trade, the way we look at global supply chains and the digital supply environment are ever more interconnected,” said Ben Farrell, the chief executive of Cips.

“Organisations are increasingly enabled by other organisations. Gone are the days of thinking of an organisation as an entity operating in isolation.”

Recent high-profile cyber-attacks have served as a reminder to organisations to invest in robust digital defences, Cips said, to safeguard their own operations and retain consumer trust, leading them to look into how their own supply chains could be a target for hackers.