The tide has finally turned and public services across the UK are now getting to grips with the realities of digital transformation. That means from NHS records to council payroll, policing databases to waste collection systems, almost every frontline service now relies on some form of software to function. This dependence and transition, which it has to be said is taking much longer than comparable sectors (and may not end for quite some time yet), has enabled new efficiencies, but it has also created fragility. Specifically this: when a critical supplier falters, the ripple effects can be immediate and severe.
The UK Government itself acknowledges this risk. In the 2025 National Risk Register, ‘critical supplier failure' is listed as a ‘rising tide crisis'. It may be assessed as a limited impact scenario but crucially, that rating is based on the assumption that ‘reasonable recovery measures are in place'. If those measures exist and are effective, recovery is expected to be instantaneous or, at worst, take a matter of weeks. The danger is that this assumption is just that and nothing more. How confident can we be that recovery measures have been set up, tested and are robust?
