Just 2% of global organizations didn’t suffer a supply chain breach last year, with visibility into cyber risk getting harder as these ecosystems expand, according to BlueVoyant.
The security firm polled 2100 C-level execs with responsibility for supply chain and cyber risk management from companies with 1000+ employees to compile its study, The State of Supply Chain Defense: Annual Global Insights Report 2022.
It found the top challenges listed by respondents were:
- Awareness internally that third-party suppliers are part of their cybersecurity posture
- Meeting regulatory requirements and ensuring third-party cybersecurity compliance
- Working with third-party suppliers to improve their posture
Supply chains are growing: the share of firms with over 1000 suppliers increased from 38% in 2021’s report to 50%.
Although 53% of organizations audited or reported on supplier security more than twice annually, 40% still rely on suppliers to ensure security levels are sufficient. That means they have no way of knowing if an issue arises with a supplier.
Worse, 42% admitted that if they do discover an issue in their supply chain and inform their supplier, they cannot verify that the issue was resolved.
Just 3% monitor their supply chain daily, although the share of respondents using security ratings services to enhance visibility and reduce cyber risk increased from 36% last year to 39% in this year’s report.
“With the escalating threat landscape and number of high-profile incidents being reported, I would recommend firms focus more strategically on addressing supply chain cyber security risk. In the current volatile economic climate, the last thing any business needs is any further disruption to their operations, any unexpected costs, or negative impact on their brand,” argued BlueVoyant UK managing director, James McDowell.
“While a higher proportion of firms say this is a priority, there is still a significant percentage who appear to be completely unaware of the risks in their supply chains. In today’s interconnected ecosystem, a risk to a supplier is a risk to your own business, therefore relying on vendors to mitigate without any oversight or control leaves organizations vulnerable.”