SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers
United States
Flux result 6c00d5b7 c0b4 43ef baed d767114427a1
#
Partner Programmes
#
Supply Chain
#
Risk & Compliance

Risk Ledger expands into Maryland to target US cyber

Wed, 25th Mar 2026
Author image
By Catherine Knowles, News Editor

Risk Ledger has expanded into the United States with a new presence in Maryland, giving the UK supply chain security company a base in one of the country's larger cybersecurity clusters.

It will use the Maryland operation to build its US go-to-market team as it targets customers across North America. Founded in 2018, Risk Ledger employs 75 people in the UK and works with organisations in sectors including government, insurance and energy.

The expansion comes as businesses and public bodies face closer scrutiny over risks deeper in their supply chains, beyond direct contractors. Cyber incidents linked to suppliers have drawn greater attention from regulators and buyers, particularly after a series of attacks exposed weaknesses in third-party oversight.

Risk Ledger sells a network-based system designed to show links between suppliers and highlight risk across broader supply chains, rather than relying on periodic questionnaires or one-off reviews. It argues that established third-party risk processes can miss changing exposures in connected supplier networks.

US Buildout

To support the move, Risk Ledger has appointed Matthew Fox to lead its US growth efforts. Fox previously held senior roles at Mimecast and Cymulate, and later founded cybersecurity company RiskApp.

Maryland is hosting the new operation through its Global Gateway Soft Landing programme. The state has long promoted its proximity to federal agencies and defence bodies, along with its concentration of cybersecurity companies and specialists.

Haydn Brooks, chief executive and co-founder of Risk Ledger, said the shift reflects a broader change in how organisations view supplier oversight.

"Supply chains have become the biggest attack surface in cybersecurity, yet most organisations are still relying on outdated approaches to manage supplier risk," he said.

Brooks said collaboration across supplier networks is central to managing cyber exposure.

He said, "Security can no longer be managed in isolation. It requires visibility and collaboration across the entire ecosystem. At Risk Ledger, we're pioneering Active Supply Chain Security - connecting organisations and suppliers on a shared network so they can identify systemic risks and emerging threats in real time. Expanding into Maryland allows us to work alongside one of the world's most advanced cybersecurity communities as we help organisations strengthen the resilience of their supply chains."

Market Pressure

Supply chain security has become more prominent as companies rely on larger webs of software providers, outsourcers and specialist service firms. That has increased the potential impact of breaches that affect one supplier and then spread to customers and partners.

Many organisations have traditionally assessed suppliers through annual reviews, spreadsheets and document requests. Critics say that model offers only a partial snapshot and often fails to account for indirect dependencies, concentration risk and changes in a supplier's security posture between assessments.

Risk Ledger's model is intended to create a shared source of supplier security information across a network of organisations. In practice, suppliers can provide standardised data once and share it with multiple customers, while larger organisations can map dependencies further down the chain.

The company's decision to enter the US reflects the scale of demand in that market, where cyber spending is higher and regulatory pressure is expanding across critical sectors. Maryland, in particular, has become a draw for cyber firms because of its links to government procurement and national security institutions.

Harry Coker Jr., secretary of the Maryland Department of Commerce, welcomed the decision to establish a presence in the state.

"Risk Ledger believes that locating in Maryland will give it a greater opportunity to grow globally-and we couldn't agree more," Coker said. "By joining our state's expansive cyber community, the company can immerse itself in the nation's digital economy and expand its presence across the U.S. We look forward to working with the Risk Ledger team in the years to come."

Related stories
OpenAI launches Trusted Access for Cyber with major names
Anthropic launches Claude Opus 4.7 with stronger coding
Cyber insurance now common among North American SMBs
CIQ launches Linux compliance platform ahead of deadlines
Emerson & OPSWAT strike global reseller deal for OT patching

Top stories

Team Cymru launches Total Insights Feeds for threat data
FIRST conference highlights AI & CVE disclosure push
Protegrity launches AI Team Edition for secure inferencing
Autonomize launches healthcare AI platform version 3
CERN joins OpenSearch foundation as associate member