Supply chain breaches impacted 97% of firms in the past year

Data breach in a circle connected to other circles and images
(Image credit: Shutterstock)

Cyber security breaches that occurred in the supply chain have negatively impacted 97% of firms in the past 12 months, according to a recent BlueVoyant survey.

The firm surveyed 1,200 CIOs, CISOs, and chief procurement officers as part of its research for the Managing Cyber Risk Across the Extended Vendor Ecosystem report, which also found that 93% admitted they had suffered a direct cyber security breach because of weaknesses in their supply chain.

The number of organizations reporting a supply chain of over 1,000 companies more than doubled from 14% in 2020 to 31% in 2021. At the same time, the number of companies reporting 500 vendors or fewer dropped from 29% to 22%. The report said it is possible that supply chains rapidly increased, but it is more likely that companies became more aware of the full extent of their vendor networks.

The survey of IT leaders in organizations with more than 1,000 employees across a range of industries found the average number of breaches experienced in the past 12 months grew from 2.7 in 2020 to 3.7 in 2021 – a 37% year-on-year increase.

It revealed that only 13% of companies said that third-party cyber risk was not a priority, a drop compared to 31% of companies last year. Respondents who said they had no way of knowing when or if an issue occurs with a third-party supplier’s cyber security increased from 31% to 38%.

Additionally, 91% say the budget for third-party cyber risk management is increasing in 2021.

The research revealed that the health care sector exhibited the highest rate of third-party cyber risk awareness, and 55% said identifying risks was a key priority, compared to an average of 42% of all other respondents. However, this sector also reported high breach figures, with 29% reporting six to 10 breaches in the last 12 months, compared to a 19% average across all other respondents.

Manufacturing respondents were least likely to identify supply chain/third-party cyber security risk as a key priority and were most likely to be reporting on an annual basis only, according to the report.


Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security


“Budget increases demonstrate that firms are recognizing the need to invest in cybersecurity and vendor risk management. However, the wide yet consistent array of pain points suggests that this investment is not as effective as it needs to be,” said Adam Bixler, global head of third-party cyber-risk management at BlueVoyant.

“This, tied to the lack of visibility, monitoring, and senior-level reporting, underscores a need for further improvement when approaching third-party cyber risk, to reduce the exposure of data before attackers take advantage of this.”

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.