Smarter Supply Chain Resilience

Supply chain attacks in IT/OT environments

In 2025, the weakest link in an organisation’s security is likely to be its supply chain. Recent data paints a sobering picture: third-party breaches have doubled since April 2025.

A recent report estimated that 80% of all cyber attacks now involve a supplier or vendor. For organisations managing increasingly complex, integrated technology environments, this is a fundamental shift in where risk sits and how security has to be approached.

The cost of complacency is staggering. Supply chain attacks are projected to cost businesses £60 billion globally in 2025 alone. High-profile UK incidents, such as the Jaguar Land Rover breach, show what that looks like for a single organisation: an estimated £120 million in lost profits and £1.7 billion in revenue disruption in just one month. These aren’t isolated incidents; they are the new normal in an interconnected digital ecosystem.

The IT/OT Convergence Challenge

What makes this threat particularly acute is the accelerating convergence of Information Technology (IT) and Operational Technology (OT). Organisations now operate environments in which physical security systems (access control and video surveillance), building management systems and network infrastructure are no longer siloed; they are interconnected and often share the same network.

Traditional IT security approaches fall short in these converged environments. Physical security systems are often built on legacy OT platforms that weren’t designed with cybersecurity as a priority: unauthenticated protocols, hard-coded or default credentials, and firmware that is rarely patched are common. When such systems are connected to corporate networks, every one of those weaknesses becomes reachable from the IT side, and the attack surface expands sharply.

Supply Chain Resilience

Multiple recent surveys confirm that UK security professionals see a lack of visibility into their supply chain as a primary shortcoming. When your access control system, video surveillance, network infrastructure and IoT devices all come from different vendors, you’re not just managing technology; you’re managing risk, and you can only manage the risk you can see.

The solution isn’t to avoid integration, but to demand resilience from the partners you work with. At a time when a single compromised device can become a gateway into your entire network, selecting the right supply chain partner is critical.

The partners you choose should demonstrate a robust understanding of the convergence between physical and cyber security, recognising that every access control reader, camera and IoT device is both an operational asset and a potential entry point for an attacker. They should also provide end-to-end visibility: an inventory of what they have deployed, how it is connected, and how it is maintained, so that nothing operates in isolation or outside your security perimeter.

The Partnership Difference

Most critically, look for partners who treat security as foundational and can prove it through recognised accreditations. Certifications like Cyber Essentials Plus and ISO 27001 aren’t just compliance checkboxes; they are evidence of systematic, audited security practices. Cyber Essentials Plus demonstrates that a baseline of technical controls is in place and has been independently tested. ISO 27001 signals a comprehensive Information Security Management System that continuously identifies, manages and mitigates risk. One caveat: both attest to the partner’s own organisational security, not to the security of the devices and software they deploy for you, so ask separately how products are developed, patched and disclosed against. This is where ISA/IEC 62443 matters: it is vital to work with partners who have strong knowledge of the standard and its principles for Operational Technology (OT) governance, covering the protection, resilience and secure integration of systems and the components within them.

Equally important is partnering with organisations that understand the regulatory landscape you operate within. You may be a public sector organisation or data centre operator working to the Cyber Assessment Framework (CAF), preparing for NIS2 requirements, protecting Critical National Infrastructure (CNI) and anticipating the forthcoming Cyber Security and Resilience Bill, or a Defence organisation adhering to Secure by Design principles. In every case, working with a partner who understands these frameworks will help you navigate compliance and build genuine resilience rather than paperwork.