
Low trust in third-party vendors weakens UK digital resilience
Nearly three in ten UK risk managers say they currently lack sufficient trust in third-party vendors to effectively manage their most critical risks, according to research released by cybersecurity consultancy CyXcel.
The survey, conducted among 400 cybersecurity professionals across the UK and US, found that 27% of UK respondents do not have enough confidence in external partners to safeguard their organisations against key digital threats. This lack of trust is contributing to greater risk and potential threats to business continuity.
Gaps in understanding
CyXcel's findings highlight that trust in third-party vendors is being undermined by deeper issues within organisations themselves. Over a quarter (28%) of UK survey participants reported that they do not fully understand the risks they are responsible for managing. This creates significant challenges when assessing the suitability and effectiveness of vendor partners.
Organisations are increasingly outsourcing areas including cyber incident response (26%), adoption of artificial intelligence (20%), and management of geopolitical risks (21%). However, the lack of both trusted external partners and internal clarity in risk management is leaving businesses vulnerable.
Growing threats such as AI-driven attacks, increased geopolitical instability, and evolving tactics from cybercriminals have made simple contracts and occasional vendor reviews insufficient. Instead, there is a need for continuously validated and intelligence-led partnerships, supported by real-time internal oversight.
Insufficient trust and oversight
"Organisations are stuck between needing external support and not having enough partners they truly trust. It's a tension we're seeing across sectors, and it's leaving risk ecosystems fragmented and vulnerable. Without stronger internal understanding, risk leaders are flying blind, placing responsibility in the hands of vendors they can't fully vet. What's needed now is a shift toward integrated intelligence, not just compliance checklists. Businesses must empower their teams to assess threats clearly and select partners confidently," said Megha Kumar, Chief Product Officer and Head of Geopolitical Risk at CyXcel.
Despite organisations making significant investments in risk management - between £75,000 and £100,000 per year on average - many are not confident in the effectiveness of these expenditures. Almost one in four risk managers (24%) say they feel overwhelmed by the scale and complexity of risks they must address.
These findings have prompted questions about whether organisations are outsourcing risk management as a strategic choice, or simply due to a lack of internal understanding of the risks involved.
"We see this pattern again and again. Organisations are handing over the keys to their digital resilience - but don't have the internal visibility to know if those partners are steering in the right direction. Risk managers are drowning in complexity, yet leaving the handling of the lifeboat to vendors they barely trust. Resilience doesn't start with spend; it starts with clarity. The more you understand the threat, the better equipped you are to evaluate who should be helping you manage it," said Ngaire Guzzetti, Technical Director – Supply Chain at CyXcel.
The path to resilience
The research also explored how CyXcel's Digital Risk Management platform is aiming to address these challenges. The platform provides organisations with insights into digital risks, including those associated with AI, across various sectors. It is designed to enable organisations to identify risks precisely and implement appropriate policies and governance measures, drawing on expertise from cyber, legal, technical, and strategic domains.
The platform features real-time vendor assurance and remediation functions, supporting continuous evaluation of third-party partners. This is particularly relevant given increases in supply chain attacks and regulatory scrutiny on third-party risk management.
CyXcel's research demonstrates that while spending on risk management is high and outsourcing remains common, lack of trust and visibility continues to challenge organisations as they navigate an increasingly complex digital landscape. The findings suggest that the shift towards integrated risk intelligence and ongoing oversight is becoming essential to shore up digital resilience in the face of evolving threats.