As the deadline for compliance with the EU’s Digital Operational Resilience Act (DORA) looms, research from Green Raven Limited reveals a concerning gap in confidence regarding supply chain cybersecurity. Despite rigorous preparations for DORA, a significant number of senior cybersecurity professionals, including those from the financial sector, continue to view their supply chains as the weakest link in their security frameworks.
The research conducted by Green Raven sheds light on the vulnerabilities that organisations face, even as they approach compliance with DORA. As of January 17, 2025, financial institutions engaged in cross-border operations with the EU must adhere to DORA’s stringent requirements, which aim to enhance operational resilience within the financial sector, particularly in the face of cyber threats. However, the survey results suggest that organisations are still struggling to address one of their most critical vulnerabilities: their supply chains.
Key Findings from Green Raven’s Survey
The survey, conducted by Green Raven through independent research firm Censuswide, covered 200 senior cybersecurity professionals across UK organisations with over 1,000 employees. Of the respondents, 21 were from financial entities engaged in cross-border operations with the EU. Overall, 44% of all respondents expressed concerns over the vulnerability of their supply chain. For financial sector professionals, the figure was nearly identical, with 43% agreeing that their supply chain represented their most significant cybersecurity risk.
Morten Mjels, CEO of Green Raven Limited, commented, “It’s troubling that even after investing significant time and resources in preparing for DORA, such a high proportion of financial sector respondents still feel that their supply chain is their weakest point. This highlights the challenge of addressing third-party risk management effectively, despite the frameworks provided by DORA.”
The Impact of Third-Party Risk Management
Banks and financial institutions, which are specifically impacted by DORA’s provisions regarding ICT suppliers, remain highly focused on third-party risk management (TPRM). Among the cybersecurity professionals from such organisations, an even higher percentage (53%) acknowledged that supply chain security was their weakest link. This further underscores the significant concerns financial institutions have regarding their reliance on external suppliers and contractors for critical services.
Mjels noted, “While this doesn’t necessarily indicate a lack of confidence in their security strategies, it does highlight the fact that supply chains remain the primary area of concern. Financial institutions are especially aware of the vulnerability of third-party suppliers, which are a key focus of DORA’s mandates.”
The Need for Greater Focus on Supply Chain Cybersecurity
DORA will require organisations, especially financial entities, to take a deeper look at their supply chain cybersecurity practices. Green Raven is addressing this challenge by developing tools and solutions that enable organisations to effectively identify, understand, and manage their supply chain cybersecurity risks.
With cyber threats evolving constantly, it is becoming increasingly difficult for organisations to secure their entire network, especially as supply chains grow more complex and involve multiple third-party vendors. Organisations must now be proactive in their approach to supply chain security, ensuring that every external partner adheres to high security standards.
Green Raven’s Solutions for Supply Chain Security
Green Raven Limited offers a comprehensive Supply Chain Monitoring Service that utilises advanced cyber intelligence techniques to provide in-depth visibility and control over entire supply chain networks. These services are aligned with DORA’s objectives and are designed to help organisations manage third-party risks more effectively. By utilising cutting-edge technologies, Green Raven is helping organisations strengthen their cybersecurity resilience against threats that may arise from their supply chain.
Mjels concluded, “The challenges highlighted by our research underline the urgency for organisations to invest in sustainable, practical solutions to manage supply chain cybersecurity. With DORA coming into effect in January 2025, now is the time to ensure that all aspects of cybersecurity, especially in supply chains, are given the attention they deserve.”