A new global study by cybersecurity firm BlueVoyant has revealed that 98% of firms have been negatively impacted by a cybersecurity breach within their supply chain. The research, titled “The State of Supply Chain Defense: Annual Global Insights Report,” highlights the pervasive and growing threat posed by third-party vulnerabilities.

The report surveyed 2100 Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), and Chief Procurement Officers (CPOs) from organizations with more than 1000 employees across multiple sectors in the US, UK, Mexico, Switzerland, Singapore, and Germany.

Key Findings on Breach Frequency and Cost

According to the BlueVoyant findings, 93% of the surveyed organizations admitted to having suffered a direct cybersecurity breach that resulted from weaknesses in their supply chain. The frequency of these incidents is also on the rise, with firms experiencing an average of 3.7 breaches originating from their supply chain in the last 12 months. This number marks an increase from the 2.7 average reported in the previous year’s study. For firms based in the United States, the average financial cost of these breaches reached $2.9 million.

Visibility Challenges and Budgetary Responses

The study identified significant challenges in managing third-party risk. Common issues cited by respondents include a lack of visibility into third-party suppliers, a tendency for suppliers to not be transparent about their security posture, and an over-reliance on the supplier to ensure adequate security. Reflecting these difficulties, only 41% of respondents stated their organization was very effective at detecting and responding to third-party cyber-risks. In response to the growing threat, organizations are increasing their investment in this area. The average budget for third-party cyber-risk management has risen by 44% year-over-year. The top priorities for firms now include consolidating technology solutions, working with suppliers to improve their security, and managing the entire lifecycle of supplier relationships.

Source: https://www.infosecurity-magazine.com/news/supply-chain-breaches-impact/