IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

C-suite executives say software supply chain hacks have become a 'chief concern'

Leaders at companies around the world say the prospect of such an attack has become front of mind since the notorious hacks on SolarWinds and Kaseya rocked the industry

The vast majority of C-suite executives have reported becoming more concerned about software supply chain attacks in the two years since the SolarWinds Orion and Kaseya attacks.

A new survey of C-suite executives working in varying roles, conducted by CloudBees, showed 82% were either ‘somewhat more concerned’ (40%) or ‘much more concerned’ (42%) of attacks impacting their businesses than they were in 2019, before the two landmark cyber attacks.

The results indicated that CEOs were the most perturbed by the prospect of a software supply chain attack out of all roles, more so than CISOs and CIOs.

Confidence in their own respective business’ software supply chain has dropped in the space of a year, too. Only 88% of executives believe their supply chain to be secure, a fall from 95% in 2021, and just 32% believe theirs to be ‘very secure’.

Despite the high degree of concern among most, a significant number of respondents reported not knowing who to engage if they became aware of a software supply chain attack. 

Just half of UK executives knew who to engage in a time of crisis and the figure was largely similar across the C-suites from all countries other than Australia where 71% of executives said they would know how to respond.

The idea of having a physical and digital copy of an incident response playbook in every business has been encouraged by the cyber security industry for years. 

Ransomware continues to be the main cyber threat for businesses so knowing how to act, what to do, and who to engage during an incident is considered to be hugely important.

The concern amongst executives for software supply chain attacks, like those that impacted SolarWinds and Kaseya, is reflected in the business priorities of those surveyed. More than three quarters said they prioritise security and compliance over the speed with which business can happen.

Regional differences in approaches are also apparent with businesses in the US, for example, placing more emphasis on security than the likes of the UK and Spain which both prioritise compliance.

CloudBees didn’t explain as to why the results differed in this way, but it could be due to the European countries being bound by the stricter GDPR than the US which does not have any equivalent legislation at the national level.

The focus on businesses staying resilient presents challenges with innovation, however. Most of those surveyed said compliance and security challenges, which often take time to overcome, were limiting the time available to the business to innovate.

Related Resource

Cyber resiliency and end-user performance

Reduce risk and deliver greater business success with cyber-resilience capabilities

Whitepaper cover with title and text, and image of pyramid cyber-resilience modelFree Download

Significant amounts of time are spent completing compliance audits and assessing risks and defects, CloudBees said, which has seen many organisations adopt a ‘shift left’ approach which involves moving the software testing and evaluation processes earlier into the development lifecycle.

Although this places an additional burden on developers, most executives (83%) agreed that the approach was important to their business. 

“These survey findings underscore the urgent need to transform the software security and compliance landscape,” said Prakash Sethuraman, chief information security officer at CloudBees. “As DevOps matures, security and compliance have taken centre stage as a source of significant friction.

“While shift left is a popular talking point, it is not yielding the desired results. Instead, it is further burdening development teams and taking their attention away from value-added work. What’s needed is a new mindset and a fresh approach, one in which security and compliance are continuous and actually speed innovation.”

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Most Popular

The top 12 password-cracking techniques used by hackers

The top 12 password-cracking techniques used by hackers

14 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
Interpol arrests nearly 1,000 cyber criminals in months-long anti-fraud operation
cyber crime

Interpol arrests nearly 1,000 cyber criminals in months-long anti-fraud operation

25 Nov 2022