Large and complex supply chains are being targeted by cyber-attackers

Supply-chain focused attacks have increased 633% over the past year, equating to a 742% average yearly increase in software supply chain attacks since 2019, according to Sonatype. 

Supply chains are increasingly vulnerable to cyber-attacks, so risk leaders need to move quickly to prevent such future threats from impacting their organisations, according to new research. 

While cybersecurity is growing as a significant risk, it is still not regarded as a major risk priority by many business leaders. In a recent survey of 5000 c-suite executives by Economist Impact, cybersecurity ranked fourth among risks that an organisation is prioritising for. 

This will need to change, particularly when one factors in the increasingly complex supply chains in which a modern organisation operates. Many firms struggle to understand or visualise the supplier networks connected to their main (tier 1) suppliers, with only 2% of all firms reporting that they have ‘high visibility’ beyond tier one of their supplier networks, in a recent survey. 

Meanwhile, 90% of organisations lack awareness of sub-tier supplier disruptions, for up to 48 hours occurrence, according to Interos’ 2023 Supply Chain survey. 

This should concern risk managers because recent analysis of the causes of many supply chain incidents, including cyber-attacks, reveals that they originated within tier two or tier three of an organisation’s supply chain.  

Conversations with members of our corporate working group and risk management community have highlighted concerns that supply chain visibility is a major issue for many risk managers. With the world becoming increasingly complex and connected, and incident frequency accelerating to a point where events occur daily. Gaining visibility across supply chains is essential not just to ensure future viability and survival but will cement firms’ digital strategy and allow them to thrive.