Number of damaging cyber attacks on supply chains up 26% in 2023
Survey finds that the average number of successful attacks that impact supply chains has gone up by over a quarter to 4.16 in 2023
Supply chains continue to be a key target for cyber criminals, as the number of breaches that damage supply operations rose 26% in 2023 finds a global survey of 2,100 technology and supply chain executives.
On average, respondents faced 4.16 successful attacks that went on to disrupt supply chains compared to 3.29 in 2022 and the research noted that this was broad-based, with all sectors except financial services experiencing a rise.
However, the study did suggest that there was a growing realisation of the impact and greater efforts to reduce risk.
The survey found that a 6% year-on-year rise in those monitoring their supply chain for cyber attacks on a monthly-or-less basis to 47% of respondents, and a similar 6% rise in those briefing their leadership on cyber risks at least monthly.
Alongside this rise in reporting, 85% said that they had budgeted more to spend on third parties specialised in mitigating cyber risk in 2023. Additionally, 51% expect to put more internal resources towards security and 46% said they are likely to source additional help externally.
Despite this reliance on external providers for security and the disparate nature of supply chains, only 19% said they actively work with suppliers to solve issues and breaches, with the remainder largely reliant on the third party to solve any problems. The research warns that a major risk is achieving adequate response times to attacks from supply chain technology vendors and that this is a notable gap in security currently.
"Our data suggests that the scope of the problem is increasing, with more enterprise vendors and suppliers falling prey to cyber attacks,” commented Joel Molinoff, global head of Supply Chain Defense for survey sponsor BlueVoyant. “Enterprises recognize the issue but the standard approach to third-party risk management is proving inadequate. Companies now need to focus energies on methods that proactively illuminate and reduce supply chain risk."
According to Brendan Conlon, BlueVoyant's chief operating officer for Supply Chain Defense, "Enterprises should examine their current approaches and identify areas for greater efficiency and continuous coverage — not only in detecting emerging vulnerabilities and risk, but also in quickly remediating threats hand-in-hand with impacted third parties."