Supply Chain Cyber Risks Surge for MSPs, New Research Reveals
A recent survey by CyberSmart highlights the growing threat of supply chain cyberattacks targeting managed service providers (MSPs) and their customers. Conducted by OnePoll, the 2026 MSP Survey polled 350 MSP leaders across the UK and Ireland, revealing that 43% of MSPs and their clients experienced a cyber incident linked to a third-party vendor in the past year.
Of those affected, 39% reported impacts on customers only, 16% on the MSP alone, and 39% on both, meaning over half (55%) of incidents involved the MSP directly. Despite this risk, 55% of MSPs do not monitor supply chain threats, with 37% assessing risks quarterly and 11% annually.
Key challenges include enforcing security contracts (39%), third-party risk monitoring (37%), and the cost of securing supply chains (36%). CyberSmart CEO Jamie Akhtar noted that MSPs’ privileged access makes them prime targets, as a single breach can compromise multiple organizations.
The survey also examined readiness for the UK’s Cyber Security and Resilience Bill (CSRB), introduced in November 2025, which imposes stricter regulations on MSPs. While 96% of respondents feel somewhat prepared, only 45% claim full readiness. Concerns include skills gaps (41%), unclear customer expectations (41%), and undefined liability (42%).
Despite these challenges, 77% believe the CSRB adequately addresses supply chain risks. MSPs called for clearer guidance (54%), stronger liability protections (52%), and tailored regulatory frameworks (51%) to improve resilience. Akhtar emphasized the need for shared responsibility and continuous risk visibility to strengthen defenses.
Source: https://www.itpro.com/security/msps-grow-wary-over-supply-chain-security-threats
CyberSmart cybersecurity rating report: https://www.rankiteo.com/company/cybersmartuk
"id": "CYB1781282209",
"linkid": "cybersmartuk",
"type": "Cyber Attack",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '43% of surveyed MSPs and '
'clients',
'industry': 'IT Services, Technology',
'location': 'UK and Ireland',
'name': 'Multiple MSPs and their clients',
'type': 'Managed Service Providers (MSPs) and '
'Customers'}],
'attack_vector': 'Third-party vendor compromise',
'description': 'A recent survey by CyberSmart highlights the growing threat '
'of supply chain cyberattacks targeting managed service '
'providers (MSPs) and their customers. 43% of MSPs and their '
'clients experienced a cyber incident linked to a third-party '
'vendor in the past year.',
'lessons_learned': 'MSPs’ privileged access makes them prime targets for '
'supply chain attacks. Continuous risk visibility and '
'shared responsibility are critical for defense.',
'post_incident_analysis': {'corrective_actions': ['Improve third-party risk '
'monitoring',
'Enforce security contracts '
'with vendors',
'Address skills gaps and '
'regulatory readiness'],
'root_causes': ['Lack of supply chain threat '
'monitoring (55% of MSPs do not '
'monitor)',
'Challenges in enforcing security '
'contracts (39%)',
'High cost of securing supply '
'chains (36%)']},
'recommendations': ['Clearer regulatory guidance for MSPs',
'Stronger liability protections',
'Tailored regulatory frameworks',
'Enhanced supply chain risk monitoring',
'Enforcement of security contracts with third-party '
'vendors'],
'references': [{'source': 'CyberSmart 2026 MSP Survey'}],
'regulatory_compliance': {'regulatory_notifications': 'UK’s Cyber Security '
'and Resilience Bill '
'(CSRB) readiness '
'concerns'},
'stakeholder_advisories': 'MSPs should prepare for the UK’s Cyber Security '
'and Resilience Bill (CSRB) and address skills '
'gaps, unclear customer expectations, and liability '
'concerns.',
'title': 'Supply Chain Cyber Risks Surge for MSPs',
'type': 'Supply Chain Attack'}