Supply chain, Breach

Supply chain breaches negatively affect 97% of study respondents

In an aerial view, shipping containers and container ships are seen at the ports of Long Beach and Los Angeles on Sept. 20, 2021, near Los Angeles. Amid nationwide record-high demand for imported goods and supply chain issues, the twin ports of Los Angeles and Long Beach are currently seeing unprecedented congestion. (Photo by Mario Tama/Getty Imag...

Nearly every company in a new survey said they were negatively impacted by a breach in their supply chain or suffered a direct breach as a result of supply chain weaknesses.

Cybersecurity firm BlueVoyant’s study, released Tuesday, showed 97% of respondents said their companies have been negatively impacted by a cybersecurity breach in their supply chain, while 93% said they suffered a direct cyber breach because of weaknesses in their supply chain. 

The average number of breaches respondents experienced in the last 12 months increased by 37% from the year before, going from 2.7 in 2020 to 3.7 in 2021.

The study surveyed 1,200 chief information officers, chief information security officers and chief procurement officers across a range of industries with more than 1,000 employees. Opinion Matters conducted the study in six countries: the United States, Germany, the Netherlands, the United Kingdom and Singapore.

With the high-profile supply chain attacks over the last year on SolarWinds, Colonial Pipeline and Kaseya, only 13% of respondents said third-party risks were not a priority this year, compared with 31% last year saying supply chain and third-party risk were not a concern. 

“Even though we are seeing rising awareness around the issue, breaches and the resulting negative impact are still staggeringly high, while the prevalence of continuous monitoring remains concerningly low,” Adam Bixler, global head of BlueVoyant’s third-party cyber risk management, said in a news release. “Third-party cyber risk can only become a strategic priority through clear and frequent briefings to the senior executive team and the board.”

Nearly all respondents, 91%, said their budget for third-party risk management is increasing in 2021, a figure unchanged from 2020. However, more respondents this year (38%) said they had no way of knowing when or if an issue arises with a third-party supplier’s cybersecurity, compared with last year (31%).

BlueVoyant noted in the news release that rising investments to combat third-party risk is limited due to the sheer volume of managing data and prioritizing risk. 

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.