Global Supply Chain Breaches Hit Nearly Every Company

Summary
– 97% of organizations reported negative impacts from supply chain breaches, a significant increase from 81% in 2024.
– Many organizations are accelerating efforts to prevent and resolve supply chain incidents, with 45% collaborating with third parties on remediation.
– Nearly half of organizations (46%) have mature third-party risk management programs, and 36% now house these programs within cybersecurity or IT teams.
– TPRM programs face challenges including lack of internal support (60%) and infrequent security briefings for senior leadership (only 24% monthly or more).
– Many programs prioritize compliance over risk reduction, with only 16% citing risk reduction as the primary driver, and expansion of vendor ecosystems outpaces visibility and remediation capacity.
A staggering 97% of organizations now report experiencing negative consequences from a supply chain security breach, a sharp rise from the 81% figure recorded just one year prior. This alarming statistic comes from the latest annual global insights report, underscoring a critical and escalating threat to business operations worldwide. While the frequency of these incidents is climbing, the findings also reveal a corresponding acceleration in corporate efforts to build more resilient defenses.
Many companies are actively enhancing their strategies to prevent, mitigate, and resolve supply chain disruptions. Close to half of the organizations surveyed (45%) are now engaging directly with their third-party partners on remediation. This collaborative approach takes two primary forms: some firms work side-by-side with vendors to fix problems, while others provide the support partners need to implement their own fixes.
There is a growing recognition that third-party risk management (TPRM) is a cybersecurity imperative. This shift in perspective is reflected in organizational structures, with a notable portion of TPRM programs now residing within dedicated cybersecurity or IT departments. Nearly half of the respondents claim to have established a mature TPRM program, signaling that the foundational elements for defense are being put in place.
However, the presence of a mature program does not automatically translate to effective risk reduction. A significant hurdle identified is a persistent lack of internal support and buy-in, cited by 60% of program managers as their top challenge. This disconnect is further evidenced by infrequent communication with senior leadership; a majority of organizations only brief their top executives on security matters every three to six months, suggesting that supply chain risk has not yet achieved the board-level priority it may warrant.
Another concern is the motivation behind many TPRM initiatives. The data indicates that for numerous companies, these programs are driven more by compliance requirements, cyber insurance mandates, and contractual obligations than by a core objective of actually minimizing risk. This “check-box” approach can create a false sense of security without addressing the underlying vulnerabilities.
Furthermore, even advanced TPRM programs often operate in isolation. The report highlights a troubling lack of integration with broader enterprise risk management frameworks, particularly within vital sectors like financial services, manufacturing, and retail. This siloed approach prevents a holistic view of organizational threat exposure.
Compounding these issues is the rapid pace of business growth. Over 96% of organizations plan to expand their network of third-party vendors. Yet, many are adding these new partners faster than they can develop the necessary visibility, validation processes, and remediation capabilities to manage the associated risks effectively, potentially widening their attack surface.
(Source: InfoSecurity Magazine)