DORA compliance day is here - but supply chain cybersecurity is still our weakest link, say financial CISOs
Omarketing Limited
Cheltenham, UK – 14th January 2025 – Adopting the provisions of the EU’s Digital Operational Resilience Act (DORA) has inspired negligible additional confidence in supply chain cybersecurity among senior cybersecurity professionals, research by consultancy Green Raven Limited indicates. UK financial entities engaging in cross-border operations with the EU must comply with DORA as of January 17th 2025.
Green Raven’s research, conducted for it by Censuswide, comprised a quantitative survey of 200 CISOs and senior cybersecurity professionals – specifically, those with responsibility for cybersecurity, cybersecurity teams and associated budgets in organisations of over 1,000 employees. This means that more than 10% of all UK organisations that employ at least 1,000 people were surveyed.
Of the 200 respondents, 21 were from financial entities. The results showed that:
● overall, 44% of respondents agreed with the statement “Our supply chain feels like the weakest element of our cybersecurity regime”
● among financial sector respondents, 43% agreed with the statement
Interpreting the research, Morten Mjels, CEO of Green Raven Limited, commented: “Our survey only addressed the biggest organisations in the UK, so it’s probable that all 21 of the financial organisations surveyed interact with the EU. So the standout observation for me is not the 43% proportion itself. It’s that - after all the preparations for DORA that they must have done - so many of them still feel their supply chains are their weakest link, and that the proportion is comparable to the full-sample proportion,” he explained.
“The responses of the other 57% of financial sector respondents might also beg a couple of questions. For example: if supply chain isn’t the weakest link in your cybersecurity regime then, given the low regard in which supply chain security is generally held, which link is it that’s worse than that? Or does it mean that they really got hold of their supply chain as they prepared for DORA and have real confidence in it?” he added.
Third-Party Risk Management (TPRM) is an issue on which banks, in particular, expend huge effort; the framework mandated by DORA also specifically addresses ICT suppliers. Green Raven’s research also notes that an even higher proportion of senior cyber professionals from such ICT supplier organisations (59 of 111 surveyed, i.e. 53%) say their supply chain is the weakest link of their cybersecurity regime. It’s important to note that this doesn’t imply low confidence levels - but it may be of concern to DORA-impacted financial institutions that supply chains remain the most prominent cyber risk identified by organisations that are likely to be third-party suppliers to the financial sector.
“DORA will force not just financial organisations but organisations in general to look more closely at identifying, understanding and addressing supply chain cybersecurity risk. This process is something for which we've been developing specific tools and solutions that make it possible, practical and sustainable," said Green Raven's Mjels.
Green Raven Limited is a specialist cybersecurity consultancy and reseller, applying decades of track record, experience and knowledge to bring together customers and cybersecurity solution providers. Its Supply Chain Monitoring Service leverages advanced cyber intelligence techniques and cutting-edge technologies to provide comprehensive oversight of an entire supply chain network – a key objective of DORA.
[ends]
Notes to editors
Green Raven Limited commissioned research specialists Censuswide to survey 200 senior cybersecurity professionals, all of whom are a CISO, director, head or manager of their organisation's cybersecurity team, at a UK organisation with at least 1,000 employees. There are 1,960 organisations in the UK that employ at least 1,000 people, meaning the survey reached more than 10% of all organisations in scope. The survey was conducted at the end of October 2024. Read the report here.
About Green Raven Limited
Based in Cheltenham, UK and covering EMEA, Green Raven Limited is a specialist cybersecurity consultancy and reseller, applying decades of track record, experience and knowledge to bring together customers and cybersecurity solution providers. In particular, Green Raven is a white-label partner for Darkscope, the world’s premier predictive cyber threat intelligence for enterprises. Green Raven’s implementation of Darkscope’s unique, award-winning, AI-powered portfolio of solutions spots cyberattacks that others can’t, and before they take place – so those responsible for cybersecurity can reinforce their cyber defences where they know they’re about to be needed.
Media contacts
Rose Ross/Sarah Olney Ross
rose@omarketing.com / sarah@omarketing.com
This press release was distributed by ResponseSource Press Release Wire on behalf of Omarketing Limited in the following categories: Business & Finance, Public Sector, Third Sector & Legal, Manufacturing, Engineering & Energy, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.