Supply chain breaches impacted 97% of firms in the past year

New BlueVoyant research finds that supply chain security breaches are increasing

Cyber security breaches that occurred in the supply chain have negatively impacted 97% of firms in the past 12 months, according to a recent BlueVoyant survey.

The firm surveyed 1,200 CIOs, CISOs, and chief procurement officers as part of its research for the Managing Cyber Risk Across the Extended Vendor Ecosystem report, which also found that 93% admitted they had suffered a direct cyber security breach because of weaknesses in their supply chain.

The number of organizations reporting a supply chain of over 1,000 companies more than doubled from 14% in 2020 to 31% in 2021. At the same time, the number of companies reporting 500 vendors or fewer dropped from 29% to 22%. The report said it is possible that supply chains rapidly increased, but it is more likely that companies became more aware of the full extent of their vendor networks.

The survey of IT leaders in organizations with more than 1,000 employees across a range of industries found the average number of breaches experienced in the past 12 months grew from 2.7 in 2020 to 3.7 in 2021 – a 37% year-on-year increase.

It revealed that only 13% of companies said that third-party cyber risk was not a priority, a drop compared to 31% of companies last year. Respondents who said they had no way of knowing when or if an issue occurs with a third-party supplier’s cyber security increased from 31% to 38%.

Additionally, 91% say the budget for third-party cyber risk management is increasing in 2021.

The research revealed that the health care sector exhibited the highest rate of third-party cyber risk awareness, and 55% said identifying risks was a key priority, compared to an average of 42% of all other respondents. However, this sector also reported high breach figures, with 29% reporting six to 10 breaches in the last 12 months, compared to a 19% average across all other respondents. 

Manufacturing respondents were least likely to identify supply chain/third-party cyber security risk as a key priority and were most likely to be reporting on an annual basis only, according to the report.


“Budget increases demonstrate that firms are recognizing the need to invest in cybersecurity and vendor risk management. However, the wide yet consistent array of pain points suggests that this investment is not as effective as it needs to be,” said Adam Bixler, global head of third-party cyber-risk management at BlueVoyant.

“This, tied to the lack of visibility, monitoring, and senior-level reporting, underscores a need for further improvement when approaching third-party cyber risk, to reduce the exposure of data before attackers take advantage of this.”
