Strengthening the UK regulatory framework: enhancing cybersecurity in supply chains
The increasing risks associated with cybersecurity in global supply chains present a significant problem, threatening the operational integrity and security of organisations on a global scale. The UK’s Network and Information Systems (NIS) Framework, although fundamental in cybersecurity regulation, has significant gaps in effectively addressing the complexities of contemporary global supply chain architectures entangled with quickly advancing cyber threats. In this work, we analyse the UK NIS framework, identify key gaps, and propose solutions drawn from other existing frameworks, e.g., US NIST, EU NIS2. We base this analysis on a comparative evaluation using defined criteria related to supply chain coverage, adaptability, and risk management specificity. We enhanced the cybersecurity in supply chains by proposing novel security requirements plans for each risk profile. Furthermore, we examined various solutions for risk assessments and self-risk assessments for supply chain security. We analysed practical risk assessment approaches, including self-assessment strategies, particularly suited for SMEs. Moreover, we investigated the contracting between supply chains in the context of data and information sharing.
Gokkaya, Betul
Spanaki, Konstantina
Karafili, Erisa
2 September 2025
Gokkaya, Betul, Spanaki, Konstantina and Karafili, Erisa (2025) Strengthening the UK regulatory framework: enhancing cybersecurity in supply chains. International Journal of Information Management Data Insights, 5 (2), [100370]. (doi:10.1016/j.jjimei.2025.100370).
Text
1-s2.0-S2667096825000527-main
- Version of Record
Text
Strengthening the UK Regulatory Framework
More information
Accepted/In Press date: 22 August 2025
e-pub ahead of print date: 2 September 2025
Published date: 2 September 2025
Identifiers
Local EPrints ID: 505584
URI: http://eprints.soton.ac.uk/id/eprint/505584
ISSN: 2667-0968
PURE UUID: feac62e7-8a73-423f-8c0d-10cf78f5dae2
Catalogue record
Date deposited: 14 Oct 2025 16:43
Last modified: 15 Oct 2025 02:01
Contributors
Author: Betul Gokkaya
Author: Konstantina Spanaki
Author: Erisa Karafili