{"id":179910,"date":"2026-01-20T07:23:00","date_gmt":"2026-01-20T12:23:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/20\/why-the-uks-complex-supply-chains-create-cybersecurity-headaches\/"},"modified":"2026-01-20T07:45:24","modified_gmt":"2026-01-20T12:45:24","slug":"why-the-uks-complex-supply-chains-create-cybersecurity-headaches","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/20\/why-the-uks-complex-supply-chains-create-cybersecurity-headaches\/","title":{"rendered":"Why the UK\u2019s complex supply chains create cybersecurity headaches"},"content":{"rendered":"<p><a href=\"https:\/\/www.newcivilengineer.com\/opinion\/why-the-uks-complex-supply-chains-create-cybersecurity-headaches-20-01-2026\/\">Why the UK\u2019s complex supply chains create cybersecurity headaches<\/a><\/p>\n<p><a href=\"https:\/\/www.newcivilengineer.com\/opinion\/why-the-uks-complex-supply-chains-create-cybersecurity-headaches-20-01-2026\/\">https:\/\/www.newcivilengineer.com\/opinion\/why-the-uks-complex-supply-chains-create-cybersecurity-headaches-20-01-2026\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-20 07:23:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.newcivilengineer.com\">www.newcivilengineer.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>                                Cyberattacks in 2025 underscored the stark reality that the UK\u2019s economy is a high-value target for cyber criminals. With incidents across sectors making headlines and costing the country up to \u00a314.7bn annually, the urgency for cyber resilience is rising fast.<br \/>\nPaul Hingley is business manager for cyber security and safety services at Siemens UK &#038; Ireland<br \/>\nAt the heart of this challenge lies a uniquely British issue: the structure of our supply chains.<br \/>\nSMEs, which account for 99.9% of UK businesses, form the backbone of our economy, from precision manufacturers to infrastructure subcontractors. While this brings agility and innovation, it also creates a patchwork of varying cyber maturity \u2013 and that\u2019s where vulnerabilities emerge.<br \/>\nThe forthcoming Cyber Security and Resilience Bill has ambitions to close these gaps. For the first time, cybersecurity will become a compliance issue. And it will require critical service providers and their suppliers, including SMEs, to implement basic cyber hygiene, report breaches more frequently, and prove their resilience to regulators.<br \/>\nWhile the Bill\u2019s intent is to raise standards, it could feel overwhelming for smaller firms with limited budgets, time or in-house expertise. SMEs that take action now will be better prepared for compliance, while also being more attractive to buyers looking for cyber-secure partners.<br \/>\nKnow your bills and directives<br \/>\nTo keep adversaries at bay, the Bill\u2019s central message is clear: cybersecurity must be treated with the same seriousness as workplace safety \u2013 something that\u2019s currently being tackled by similar, EU legislation.<br \/>\nFor SMEs within the industrial supply chain, this marks a major shift. From 2026, the Bill is expected to impose new duties across the industrial supply chain including: the proactive management of cyber risk; elevating cybersecurity to become a compliance issue; and securing connected assets across their lifecycle.<br \/>\nThe final point is often a good starting point for SMEs shoring up their cyber security: map out all assets. Because you can\u2019t secure what you don\u2019t know you have.\t    <\/p>\n<p>The exact requirements of the UK\u2019s Cyber Bill are yet to be seen, but they\u2019re widely expected to align with EU legislation. We saw the EU CRA and NIS V2, EU directives and framework, come into law in October 2024, applying to critical infrastructure operators, manufacturers, machine builders and technology suppliers. It requires organisations to implement comprehensive risk management measures, report incidents within tight timeframes, and to secure supply chains with clear accountability at board level.<br \/>\nSetting the standard<br \/>\nCyber regulation can be complex \u2013 but achieving compliance doesn\u2019t have to be. The international standard IEC 62443 provides a clear, structured approach for industrial firms. Tailored to operational technology (OT) environments like factories, plants and utilities, it helps businesses secure systems, processes and products across the entire value chain.<br \/>\nUnlike generic IT standards, IEC 62443 accounts for legacy equipment, system integrators, component suppliers and end users. At Siemens, we adopt this standard, and we advise suppliers to do the same. It\u2019s a globally recognised pathway to building resilience by design.<br \/>\nMaintaining these baselines is an important part of any cybersecurity plan. The number of manual processes this involves can make it time-consuming, but as agentic artificial intelligence (AI) continues to develop it will be well placed to take on many of these important yet mundane tasks.<br \/>\nSo, as firms look for ways to ensure their operations are up to standard, powerful AI automation can play a key role in securing systems through continuous monitoring and the ability to automatically carry out vital updates.<br \/>\nCreating human firewalls<br \/>\nBut it\u2019s not just about physical systems \u2013 people are another asset that hackers will target.<br \/>\nGovernment data shows that 85% of those businesses that experienced a breach or attack in the year to June 2025 were victims of phishing attacks. The rise of AI and deepfake technologies are making these sorts of attacks increasingly sophisticated, meaning employee awareness has never been more important.<br \/>\nPhishing attacks are when criminals impersonate a trustworthy body like a supplier or even a colleague. They do this to trick a business\u2019 staff into sharing sensitive information or clicking a link that allows them to launch a Trojan attack on their IT systems.<br \/>\nRegular training and consistent messaging around security policies are therefore just as important as firewalls for firms looking to build up their cyber resilience, even if for some SMEs, finding the time and resource for such training can be hard to come by.<br \/>\nSafeguarding our infrastructure<br \/>\nThe coming regulations represent a real opportunity for firms across our infrastructure supply chains to shore up their defences.<br \/>\nThere are a whole host of businesses involved in the day-to-day running of our infrastructure, from the small widget manufacturer to the major multinational company. It\u2019s the smaller businesses that hackers will often seek to exploit, which is why cybersecurity standards need to be consistent to plug these vulnerability gaps.<br \/>\nThe good news is that SMEs can put themselves on the right footing to achieve this and align with policy changes, helping them to overcome cybersecurity headaches, win trust, secure new contracts and limit the potential for widespread disruption.<\/p>\n<p>Paul Hingley is business manager for cyber security and safety services at Siemens UK &#038; Ireland<\/p>\n<p>Like what you&#8217;ve read?\u00a0To receive New Civil Engineer&#8217;s daily and weekly newsletters click here.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Why the UK\u2019s complex supply chains create cybersecurity headaches https:\/\/www.newcivilengineer.com\/opinion\/why-the-uks-complex-supply-chains-create-cybersecurity-headaches-20-01-2026\/ Publish Date: 2026-01-20 07:23:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":179911,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cdn.ca.emap.com\/wp-content\/uploads\/sites\/9\/2022\/10\/cyber-security-breach-hack-attack-560x315.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,30,24,31,25,27],"class_list":["post-179910","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-breach","tag-cybersecurity","tag-exploit","tag-phishing","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/179910"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=179910"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/179910\/revisions"}],"predecessor-version":[{"id":179912,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/179910\/revisions\/179912"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/179911"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=179910"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=179910"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=179910"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}