Supply Chain Cyber Risks Growing Faster Than Defenses
SecurityScorecard’s latest study delivers a blunt warning: global businesses are facing unprecedented supply chain cyber risks, and most are unprepared. The 2025 Supply Chain Cybersecurity Trends report draws from nearly 550 CISOs and cybersecurity leaders worldwide. It paints a concerning picture of today’s digital supply chain landscape. The conclusion? “Our digital infrastructure becomes more concentrated and interdependent each year, yet our ability to see and manage these risks continues to decline,” the report warns. These concerns aren’t new.
The Rise of Third-Party Breaches
Third-party cyber incidents are increasing at an alarming rate. The 2025 Verizon Data Breach Investigations Report shows that third-party involvement in breaches has doubled, from 15% to 30%.
The impact is widespread. In the past year, 71% of surveyed organizations experienced at least one material third-party cyber event. Five percent faced 10 or more such incidents.
“Supply chain cyberattacks are no longer isolated incidents; they’re a daily reality,” said Ryan Sherstobitoff, Field Chief Threat Intelligence Officer at SecurityScorecard. He emphasized that current approaches are “passive,” focused on “checklists,” and fail to defend against fast-evolving threats.
A Fragile, Concentrated Infrastructure
The report highlights a growing systemic risk. Just 150 companies now power 90% of Fortune 500 tech services. This creates dangerous points of failure.
Each new vendor relationship adds to the attack surface. Yet, 79% of organizations admit they lack visibility into more than half of their nth-party supply chains. Only 26% have built incident response into their programs.
Many remain over-reliant on cyber insurance and vendor self-assessments. “Static checks won’t stop dynamic threats—only integrated detection and response will,” said Sherstobitoff.
Top Risks Keeping Leaders Awake
Survey respondents identified their biggest concerns:
- Exploitation of vulnerabilities
- Reliance on shared software platforms
- Shadow IT and open-source software risks
Despite this, the majority of programs lag in key areas. For example, only 37% of organizations include formal vendor issue remediation and just 26% conduct joint tabletop exercises with vendors.
SOC Teams Under Pressure
Security Operations Centers (SOCs) bear the brunt of supply chain cyber issues. According to the report, 92% of SOC teams own or share responsibility for supply chain cybersecurity.
However, 71% of SOC analysts report high stress and burnout—many struggle to keep pace with escalating workloads. Data overload was the most common challenge. Many SOCs cannot prioritize threats effectively or engage vendors quickly.
A Call to Action
SecurityScorecard urges organizations to rethink their approach. Their recommendations include:
- Integrate threat intelligence across vendor ecosystems
- Establish dedicated supply chain incident response workflows
- Implement vendor tiering based on risk
- Foster a culture of shared accountability across business units
These steps, if followed, can close critical visibility gaps and enable faster, more effective responses.
Why It Matters for Cyber Insurers
For cyber insurance providers, these findings are a wake-up call. Underwriting risk becomes increasingly challenging as supply chain complexity deepens. Current client risk controls may not reflect the real-world threat landscape.
Proactive risk reduction, better incident response, and intelligence-driven vendor oversight will increasingly factor into coverage decisions. Insurers must help clients transition from passive compliance to active resilience.
Conclusion
The digital supply chain is now a prime target for cybercriminals and nation-state actors. Concentrated risk, limited visibility, and outdated defenses leave many businesses exposed. “Cybersecurity now requires more than breach prevention,” the report concludes. “It demands the ability to survive systemic failure.”
For businesses and insurers alike, the path forward is clear: act now, or risk becoming the next headline.