Supply chain breaches impacted 97% of firms in the past year

New BlueVoyand research finds that supply chain security breaches are increasing

Cyber security breaches that occurred in the supply chain have negatively impacted 97% of firms in the past 12 months, according to a recent BlueVoyant survey.

The firm surveyed 1,200 CIOs, CISOs, and chief procurement officers as part of its research for the Managing Cyber Risk Across the Extended Vendor Ecosystem report, which also found that 93% admitted they had suffered a direct cyber security breach because of weaknesses in their supply chain.

The number of organizations reporting a supply chain of over 1,000 companies more than doubled from 14% in 2020 to 31% in 2021. At the same time, the number of companies reporting 500 vendors or fewer dropped from 29% to 22%. The report said it is possible that supply chains rapidly increased, but it is more likely that companies became more aware of the full extent of their vendor networks.

The survey of IT leaders in organizations with more than 1,000 employees across a range of industries found the average number of breaches experienced in the past 12 months grew from 2.7 in 2020 to 3.7 in 2021 – a 37% year-on-year increase.

It revealed that only 13% of companies said that third-party cyber risk was not a priority, a drop compared to 31% of companies last year. Respondents who said they had no way of knowing when or if an issue occurs with a third-party supplier’s cyber security increased from 31% to 38%.

Additionally, 91% say the budget for third-party cyber risk management is increasing in 2021.

The research revealed that the health care sector exhibited the highest rate of third-party cyber risk awareness, and 55% said identifying risks was a key priority, compared to an average of 42% of all other respondents. However, this sector also reported high breach figures, with 29% reporting six to 10 breaches in the last 12 months, compared to a 19% average across all other respondents. 

Manufacturing respondents were least likely to identify supply chain/third-party cyber security risk as a key priority and were most likely to be reporting on an annual basis only, according to the report.

Related Resource

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Overlaid images of buildings, a sign saying 'security breach', and yellow text saying 'we have detected a harmful attack attempt'Free download

“Budget increases demonstrate that firms are recognizing the need to invest in cybersecurity and vendor risk management. However, the wide yet consistent array of pain points suggests that this investment is not as effective as it needs to be,” said Adam Bixler, global head of third-party cyber-risk management at BlueVoyant.

“This, tied to the lack of visibility, monitoring, and senior-level reporting, underscores a need for further improvement when approaching third-party cyber risk, to reduce the exposure of data before attackers take advantage of this.”

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

A quarter of all malicious JavaScript is obfuscated
hacking

A quarter of all malicious JavaScript is obfuscated

20 Oct 2021
Almost 70% of CISOs expect a ransomware attack
ransomware

Almost 70% of CISOs expect a ransomware attack

19 Oct 2021
Organizations warned of ransomware risk from smaller operators
ransomware

Organizations warned of ransomware risk from smaller operators

19 Oct 2021
Iranian hacking group continues to target US citizens
hacking

Iranian hacking group continues to target US citizens

18 Oct 2021

Most Popular

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021