New research shows that 43 per cent of MSPs and their customers experienced a cyber incident linked to a supplier or third-party vendor during the last year.
CyberSmart’s 2026 MSP Survey found that MSPs are increasingly being targeted because their access to customer systems can provide a route into multiple organisations. More than half of supply chain incidents involved the MSP as well as the customer.
The survey also found that only 45 per cent of MSPs continuously monitor third-party risk. CyberSmart CEO Jamie Akhtar warned that “a single weak link can have far-reaching consequences for customers, suppliers and partners”.
The findings come as MSPs prepare for the UK’s Cyber Security and Resilience Bill, which will increase scrutiny of supply chain security.
Businesses can reduce their exposure by reviewing supplier security, limiting third-party access, and monitoring supply chain risks on an ongoing basis.