Securing the Supply Chain: Why Cyber Security Matters to Everyone 

Steve Witty, Head of Security and Compliance, outlines simple steps to protect your business and our shared supply chain.

Cyber security. Hackers. Ransomware.

It’s easy to think, “We’re a small business—why would anyone target us?”

Unfortunately, that assumption is wrong.

Whether you have a large IT department, a managed service provider, or just a handful of devices - phones, tablets, laptops - cyber security matters. Attacks don’t discriminate by company size.

Cyber threats are an immediate and growing risk to UK businesses and the wider economy. Recent high-profile incidents in the construction sector show how quickly attacks on supply chain partners can disrupt operations and erode profitability. In fact, 43% of UK businesses experienced a cyber-attack last year.

Cyber-attacks are no longer a question of if, but when. The good news? Protecting yourself doesn’t have to be complicated.

What Is Cyber Essentials?

Cyber Essentials is a UK government backed certification that helps organisations protect themselves against the most common cyber threats.

  • It’s the minimum level of cyber-security recommended by the National Cyber Security Centre (NCSC)
  • It applies to all organisations, regardless of size
  • It focuses on five simple, proven security controls
  • Annual certification typically costs £320–£600 + VAT, depending on organisation size

Why We’re Talking About This

Our and our customers’ data is of the upmost importance to us, keeping us all safe and secure means working together with all our partners and always challenging our approach.

At Willmott Dixon, protecting our digital platforms, data, and operations is critical—but so is protecting our supply chain.

Cyber criminals increasingly target smaller suppliers to gain access to larger organisations. A single weak link can lead to financial loss, reputational damage, and widespread disruption. It can be devastating to businesses both large and small so taking the necessary precautions to protect yourself and your business is a matter of both fundamental need and a minimum requirement for working with our important defence customers.

As a supply chain partner - your security matters to us as much as our own.

How Cyber Essentials Helps You

Competitive advantage
Certification demonstrates your commitment to cyber security and builds trust with customers and partners. It’s often a requirement for working with government and large organisations—and on some projects, we may not be able to work with you without it.

Free cyber insurance (for SMEs)
UK organisations with turnover under £20m that certify their whole business receive free cyber liability insurance, including:

  • 24/7 incident response support
  • Access to technical, legal, and crisis management experts during an attack

Getting Started

If you’re not Cyber Essentials certified, we strongly encourage you to start now. There’s plenty of free support available:

Free 30Minute Cyber Advisor Call

SMEs (under 250 employees) can book a free 30minute consultation with an NCSC assured Cyber Advisor via the IASME website. You’ll receive practical guidance, answers to your questions, and clear next steps.

As head of security and compliance, I’m also always happy to have an informal chat.

Check Your Readiness

The Cyber Essentials Readiness Tool is a free online quiz that shows how your current security compares to the Cyber Essentials requirements. It highlights gaps and produces a simple action plan with supporting guidance.

Simple Steps You Can Take Today

Cyber security doesn’t have to be scary. Start with the basics:

  • Keep devices updated
    Those update notifications matter. Updates fix security vulnerabilities and are one of your strongest defences.
  • Use unique, strong passwords
    Never reuse passwords. Use three random words, passkeys where available, and a password manager (most browsers include one).
  • Enable MultiFactor Authentication (MFA)
    If an app offers MFA, turn it on. Whether it’s an authenticator app or SMS code, that extra step adds a powerful layer of protection.

Cyber security is a shared responsibility—and strengthening the supply chain makes us all more resilient.

Steve_Witty_1.JPG

Steve Witty has been Head of Security & Compliance at Willmott Dixon since 2019. With a background in information assurance and security consulting, Steve has extensive experience in various security roles in both the public and private sectors.