Nearly every company in a new survey said they were negatively impacted by a breach in their supply chain or suffered a direct breach as a result of supply chain weaknesses.
Cybersecurity firm BlueVoyant’s study, released Tuesday, showed 97% of respondents said their companies have been negatively impacted by a cybersecurity breach in their supply chain, while 93% said they suffered a direct cyber breach because of weaknesses in their supply chain.
The average number of breaches respondents experienced in the last 12 months increased by 37% from the year before, going from 2.7 in 2020 to 3.7 in 2021.
The study surveyed 1,200 chief information officers, chief information security officers and chief procurement officers at companies with more than 1,000 employees across a range of industries. Opinion Matters conducted the study in six countries: the United States, Germany, the Netherlands, the United Kingdom and Singapore.
With the high-profile supply chain attacks over the last year on SolarWinds, Colonial Pipeline and Kaseya, only 13% of respondents said third-party risks were not a priority this year, compared with 31% last year saying supply chain and third-party risk were not a concern.
“Even though we are seeing rising awareness around the issue, breaches and the resulting negative impact are still staggeringly high, while the prevalence of continuous monitoring remains concerningly low,” Adam Bixler, global head of BlueVoyant’s third-party cyber risk management, said in a news release. “Third-party cyber risk can only become a strategic priority through clear and frequent briefings to the senior executive team and the board.”
Nearly all respondents, 91%, said their budget for third-party risk management is increasing in 2021, a figure unchanged from 2020. However, more respondents this year (38%) said they had no way of knowing when or if an issue arises with a third-party supplier’s cybersecurity, compared with last year (31%).
BlueVoyant noted in the news release that rising investment to combat third-party risk is limited by the sheer volume of data management and risk prioritization involved.