Software supply chain breaches are ‘astonishingly high’, the report finds


Software supply chain weaknesses have become widespread across the enterprise, according to a new report from BlueVoyant, which today published the results of its second annual global survey of third-party cyber-risk management. The survey reveals that 97% of companies have been negatively impacted by a cybersecurity breach in their supply chain, with 93% admitting that they have suffered a direct cybersecurity breach because of weaknesses in their supply chain.

“Even though we see [a rise in] awareness of the problem, violations and the consequent negative impact are still staggeringly high, while the incidence of continuous monitoring remains relatively low,” said Adam Bixler, BlueVoyant’s global head of third-party cyber-risk management, in a statement. “Third-party cyber risk can only become a strategic priority through clear and frequent briefings to the executive board and the board of directors. As long as it is still a line item that is only discussed once or twice a year – or less frequently – then cyber risk management will continue to decline from a strategic perspective until an unavoidable cyber incident leaks data, disrupts operations or embarrasses the company.”

BlueVoyant’s report, conducted by the independent research organization Opinion Matters, surveyed 1,200 executives at companies in business services, financial services, healthcare and pharmaceuticals, manufacturing, utilities, and the energy and defense industries. Notably, the results show that although companies increased their cybersecurity budgets by 26% to over 100% over the last 12 months, the average number of breaches grew even faster, from 2.7 in 2020 to 3.7 in 2021, a 37% year-over-year increase.

The business services sector had the largest cybersecurity and risk teams, while manufacturing companies were least likely to identify supply chain and third-party cybersecurity risks as key priorities, according to BlueVoyant. Healthcare providers — 29% of whom experienced 6 to 10 breaches over the past 12 months — meanwhile showed the highest level of third-party cyber-risk awareness, with 55% identifying it as a major concern.

Supply chain challenges

The BlueVoyant survey highlights the challenges companies face with the growing software supply chain. CrowdStrike cited supply chain attacks as a growing threat as far back as 2018 and believes they will continue to be an important intrusion vector. These attacks often take the form of compromised hardware or compromised third-party suppliers, and they allow malicious actors to spread from a single point of intrusion to multiple targets downstream.

According to a recent report by Aqua Security, 73% of respondents are confident in their ability to stop software supply chain attacks, but only 32% are confident in the runtime capabilities required to stop threats like the Kinsing malware, which is downloaded only at runtime.

“Our research shows that there are large concentrations of unknown third-party cyber risk across vertical sectors, supply chains, and suppliers around the world, and organizations are experiencing frequent vendor defaults,” Bixler said. “While budgets are rising, the critical issue is where funds need to be directed to have a tangible impact on reducing third-party cyber risk. Lack of visibility, strategy and surveillance means that the situation is unlikely to improve until it gets the right attention.”

By and large, the pandemic has had a major impact on cybersecurity. Cybercrime now costs the world nearly $600 billion every year. Meanwhile, the World Economic Forum reports that the probability of identifying and prosecuting the perpetrators of a cyber attack in the United States has dropped to a dismal 0.05%.

Cyber investment is likely to accelerate further as hackers target new digital businesses. Ransomware has increased 148% year-over-year, with an estimated 2.9 million attacks so far in 2021, and the European Union Agency for Cybersecurity (ENISA) recently predicted a fourfold increase in supply chain attacks in 2021 compared to last year. High-profile incidents such as the Colonial Pipeline shutdown, JBS’s supply chain disruptions, and the compromised servers at SolarWinds and Microsoft could drive a 12.4% increase in global spending on information security and risk management technologies, to $150 billion this year.
