Supply chain breaches impacted 97% of firms in the past year

New BlueVoyant research finds that supply chain security breaches are increasing

Cyber security breaches that occurred in the supply chain have negatively impacted 97% of firms in the past 12 months, according to a recent BlueVoyant survey.

The firm surveyed 1,200 CIOs, CISOs, and chief procurement officers as part of its research for the Managing Cyber Risk Across the Extended Vendor Ecosystem report, which also found that 93% admitted they had suffered a direct cyber security breach because of weaknesses in their supply chain.

The number of organizations reporting a supply chain of over 1,000 companies more than doubled from 14% in 2020 to 31% in 2021. At the same time, the number of companies reporting 500 vendors or fewer dropped from 29% to 22%. The report said it is possible that supply chains rapidly increased, but it is more likely that companies became more aware of the full extent of their vendor networks.

The survey of IT leaders in organizations with more than 1,000 employees across a range of industries found the average number of breaches experienced in the past 12 months grew from 2.7 in 2020 to 3.7 in 2021 – a 37% year-on-year increase.

It revealed that only 13% of companies said that third-party cyber risk was not a priority, a drop compared to 31% of companies last year. Respondents who said they had no way of knowing when or if an issue occurs with a third-party supplier’s cyber security increased from 31% to 38%.

Additionally, 91% say the budget for third-party cyber risk management is increasing in 2021.

The research revealed that the health care sector exhibited the highest rate of third-party cyber risk awareness, and 55% said identifying risks was a key priority, compared to an average of 42% of all other respondents. However, this sector also reported high breach figures, with 29% reporting six to 10 breaches in the last 12 months, compared to a 19% average across all other respondents. 

Manufacturing respondents were least likely to identify supply chain/third-party cyber security risk as a key priority and were most likely to be reporting on an annual basis only, according to the report.

“Budget increases demonstrate that firms are recognizing the need to invest in cybersecurity and vendor risk management. However, the wide yet consistent array of pain points suggests that this investment is not as effective as it needs to be,” said Adam Bixler, global head of third-party cyber-risk management at BlueVoyant.

“This, tied to the lack of visibility, monitoring, and senior-level reporting, underscores a need for further improvement when approaching third-party cyber risk, to reduce the exposure of data before attackers take advantage of this.”
