The NHS Test and Trace programme has signed UK risk management specialist Risk Ledger to proactively get to grips with cyber security risks in its supply chain, and mitigate the risks the NHS and other critical national infrastructure (CNI) organisations see emanating from supply chain cyber attacks, such as those perpetrated against the likes of Accellion, Microsoft and SolarWinds.
With a core mission of tracking and helping prevent the spread of Covid-19 in the UK, NHS Test and Trace will take advantage of Risk Ledger’s secure “social network” USP – which enables organisations to connect and share risk data securely and at speed, getting “unparalleled” levels of visibility into the supply chain, and a wide-ranging, comprehensive dataset to identify, measure and mitigate risk at scale. Risk Ledger claims it can do this for about 60% less per-supplier cost than more traditional risk management tools.
Digital infrastructure minister Matt Warman said the engagement was a demonstration of Westminster’s ambition to “build back better” in a post-Covid-19 world.
“The government is working tirelessly to secure the nation online and grow the UK’s £8.9bn cyber security industry as we build back better from the pandemic,” he said.
“We are helping SMEs develop innovative products and services and it’s great to see Risk Ledger, one of the firms we have supported, win this contract to protect the Test and Trace system and support the national effort against coronavirus.”
Risk Ledger CEO and co-founder Haydn Brooks said: “NHS Test and Trace is essentially the biggest new startup in the UK healthcare market, so we are delighted they have chosen to take advantage of our ability to provide enhanced visibility of their supply chain risks. I am proud we will be part of the effort to secure this incredibly important supply chain.
“Healthcare organisations and their supply chains handle lots of highly sensitive data and have a high rate of data breaches. We have already seen during the Covid-19 pandemic that bad actors are actively targeting supply chains to access data and cause disruption.”
Founded in 2019 and backed by a number of venture capital outfits and startup programmes, including the London Office for Rapid Cybersecurity Advancement (Lorca), Risk Ledger is on a mission to eliminate pain points in third-party risk management, and improve how organisations approach cyber security and information management in their supply chains.
A past winner of the National Cyber Security Centre’s Cyber Den competition, its existing customers include the City of London Police, Norwegian state telco Telenor, charity Mencap, fashion retailer Asos and unified comms specialist Gamma.
Read more about supply chain security
- Amid concerns that too few companies are addressing vulnerabilities in their supply chain, DCMS is opening a consultation on new measures to enhance security.
- In an RSA Conference keynote, Anne Neuberger, deputy national security adviser for cyber and emerging technology, said security requires a major “mindset shift”.
- Following the devastating SolarWinds breach, IT leaders should renew their focus on third-party risk management. Start by implementing supply chain security best practices.