BOX BOX BOX: What F1 teaches us about supply chain risk

We need to talk about last weekend's Belgian Grand Prix. I promise, there's a point to this.

Let’s get this out of the way first. I like a bit of F1.

And yes, I could talk for hours about last weekend’s Belgian Grand Prix. The rain-soaked chaos, Hamilton’s climb from 18th to 7th, the Piastri–Norris drama, the pit stop games of 'who blinks first', and the mysterious McLaren battery anomaly. Absolute scenes.

But I promise there’s a point here, and it’s not just because I wanted an excuse to bring up Leclerc vs. Verstappen’s showdown for third. Because if you look closely, Formula 1 is the perfect metaphor for how today’s businesses are navigating supply chain cyber risk.

Here’s why.

A typical F1 car costs around £15 million. It’s a symphony of software, hardware, sensors, data, and carbon fibre, all meticulously engineered to perform under pressure. But if one part fails, a dodgy sensor, a failed battery unit, or even a misfiring pit strategy, it doesn’t matter how good your driver is. The whole race goes up in smoke.

Photo by Jonathan Borba: https://www.pexels.com/photo/formula-1-car-racing-on-wet-track-at-high-speed-31331378/

Last weekend, the drama in the garages piled on the pressure: A complex track with adverse weather conditions had crews scrambling, making for truly intense television: Tough strategic decisions and costly calls, made greater by technical challenges, misreads and unpredictable conditions. In a sport that lives and dies by fractions of a second, even a tiny lapse has massive consequences.

Where am I going with this?

Modern businesses are no different. Multimillion-pound operations, running complex ecosystems of partners, platforms, vendors, and services. All interconnected. All interdependent. The driver (your frontline team) might be world class. But if your pit crew (read: your supply chain) makes a wrong call or leaves a vulnerability exposed, you’re off track before you know it.

Right now, attackers know this.

We’re seeing it again and again. Third-party suppliers becoming the entry point for cyber incidents. Not because the enterprise lacks defences, but because someone in the chain didn’t patch a system, didn’t follow protocol, or didn’t take security seriously. Bad actors don’t always go for the big wall. They go for the side gate. The one you forgot was even there.

A third party becomes the weak link. Again. Revenue lost, share price knocked, boardrooms scrambling to clean up. You’d think by now we’d stop being surprised.

What happens next...

SMEs in the supply chain are going to see more scrutiny. Contracts will change. Customers will demand proof of resilience, not just promises. And if you’re found lacking, you may not just lose the deal. You could find yourself on the receiving end of legal action or public blame.

It’s not just about protecting your systems anymore. It’s about being reliable enough not to drag your customers down with you.

One thing is guaranteed: the direction of travel is up. Attack frequency, due diligence requirements, board-level pressure. All climbing.

So yes, maybe I wanted to talk about F1 a bit. But the parallels are hard to ignore. You don’t win races with just a great driver. You win because every part of the team, every piece of the machine, is tuned and tested.

Same goes for business. Same goes for cyber resilience.

Don’t be the pit crew that costs your team the podium.