Guidance for organisations to build supply chain resilience against ransomware

Product Description

Members of the Counter Ransomware Initiative and its Private Sector Advisory Panel are joining together to issue guidance for organisations on building resilience in their supply chains against ransomware threats.

The guidance aims to reduce the likelihood of a ransomware incident having a critical effect on an organisation by:

• Raising awareness of the ransomware threat across an organisation’s supply chain
• Promoting good cyber hygiene to protect supply chains
• Ensuring supply chain vulnerabilities are factored into an organisation’s risk assessment and decisions, including on procurement
• We recommend organisations review the following guidance and consider implementing the recommendations in collaboration with supply chain operators, both existing and future. The aim is to ensure organisations do not leave supply chains vulnerable to ransomware attacks.
• Being prepared for any incident is key and will help lessen the impact if one happens. In 2024, the CRI, alongside insurance bodies, published guidance for organisations during ransomware incidents. This guidance is designed to build on this 2024 product, being specifically targeted at organisations and their supply chains.
• This guidance is non-binding in nature and does not override specific laws and regulations, or national level cyber security guidance, that may apply across CRI member jurisdictions.