Building suppliers urged to strengthen cyber resilience as supply chain risks threaten business continuity

Building suppliers urged to strengthen cyber resilience as supply chain risks threaten business continuity

Cyber resilience is now a business continuity issue for building suppliers. Steve O’Keeffe, RVP UK&I at Epicor, explains how AI-enabled threats, supplier dependencies, ERP disruption, and board-level oversight are changing construction supply chain risk.


IN Brief:

  • Building suppliers face increasing cyber risk as connected systems link orders, inventory, delivery, and supplier portals.
  • ERP outages, compromised supplier access, and loss of live stock data can disrupt construction sites and wider supply chains.
  • Stronger cyber hygiene, supplier visibility, and board-level oversight are now central to operational resilience.

By Steve O’Keeffe, RVP UK&I at Epicor

The government has written to all UK businesses warning them that a new generation of AI could make it easier for criminals to launch cyber attacks.

The open letter published in April warns that criminals will “not just target government systems and critical infrastructure” but also “ordinary companies, of every size, in every sector”.

For business leaders up and down the country — including building suppliers and others with complex and interconnected supply chains — it is a stark reminder about the growing threats of operating in an increasingly connected world. And it is easy to see why.

Why building suppliers are in the crosshairs

Building suppliers sit inside highly interconnected supply chains, with shared systems linking orders, inventory, and delivery. That connectivity creates a multiplier effect, where one breach can quickly ripple across multiple partners.

At the same time, many building suppliers simply do not have the resources to protect themselves. They are forced to rely on smaller teams, tighter budgets, and older systems that were never designed to handle today’s cyber threats.

In other words, they face the same risks as larger organisations, but without the same level of protection or expertise to deal with them. And even if this were not the case, cyber attackers are experts at exploiting common human weaknesses, which is why phishing, stolen credentials, and deepfakes continue to pose a threat.

Finally, once an organisation has been targeted, the pressure on them to restore operations quickly — perhaps even paying a ransom — simply gives the criminals the upper hand. That is why building suppliers are so susceptible to attacks. And the knock-on effect can be devastating.

Operational impact of supply chain disruption

If enterprise resource planning (ERP) systems or supplier portals go down, orders cannot be placed, processed, or tracked, creating immediate disruption. Without access to live data, businesses lose sight of inventory levels.

They do not know what is in stock, what is running low, or what is already allocated, which, in turn, has an impact on deliveries. And it is not just building suppliers that feel the impact.

From a single point of failure, disruption can ripple out across the entire construction chain. Housebuilding can grind to a standstill, refurbishments are delayed, and sites sit idle waiting for materials.

Practical steps to protect your business

So what should companies do in the face of an escalating threat? The first thing is to strengthen resilience and improve cyber hygiene.

Despite all the advancements made in security in recent years — everything from Zero Trust architecture to real-time threat detection — many of the weaknesses exploited by attackers today still come under the heading of ‘basic flaws’.

As I said earlier, even the most sophisticated cyber attacks exploit simple weaknesses such as outdated software, weak passwords, or missing backups. So, getting the basics right is key.

Finally, companies should plan for disruption. Knowing how quickly you can respond if a key supplier goes offline can be the difference between a controlled recovery and a wider operational shutdown.

Visibility needs to extend beyond known boundaries

But focusing only on internal cyber hygiene and preparing for the worst is only part of the solution. Many organisations are securing themselves while remaining exposed through their suppliers.

In other words, if you cannot see what is happening across your wider supplier network, you cannot spot where the security risks are.

That is why it is imperative that building suppliers know which partners have access to their systems and where critical dependencies exist across the supply chain.

Much like the internal security protocols, that includes focusing on strengthening basic controls that reduce common entry points, including multifactor authentication (MFA), role-based access, and stronger credential practices.

It is also important to invest in security around essential platforms. This may include using cloud solutions with encryption and real-time monitoring, maintaining audit trails, and ensuring systems are regularly patched and monitored.

Security is now a board-level priority

What is clear is that supply chain cyber risk is now a business continuity issue and should be treated as such. In reality, resilience now depends as much on how well you understand your partners as how well you secure your own systems.

As the Secretary of State for Science, Innovation and Technology, Liz Kendall, and Security Minister, Dan Jarvis, said in their letter: “If your board has not recently discussed cyber risk, do so at your next meeting and then regularly. This is not an issue to delegate to your IT team and forget about. This will only become increasingly important.”

I could not have put it better myself.

This article originally appeared in the April 2026 edition of IN Site. Read the full issue here.



  • SBS expands Wave 3 retrofit across Midlands

    SBS expands Wave 3 retrofit across Midlands

    SBS is expanding occupied-home retrofit delivery across the Midlands region. Thousands of social homes will receive insulation, solar, ventilation, window, door, and hot-water improvements by 2028.


  • Young volunteers refurbish Avonmouth community centre

    Young volunteers refurbish Avonmouth community centre

    Eleven young volunteers have renewed facilities at Avonmouth Community Centre. The Toolstation and VIY project combined practical building work with accredited trade and safety training.