According to a recent survey, 82% of chief information officers (CIOs) say their organizations are vulnerable to cyberattacks targeting software supply chains.

The shift to cloud-native development, along with the faster development pace brought about by the adoption of DevOps processes, has made securing software supply chains far more complex. Meanwhile, cyber adversaries, motivated by the success of high-profile software supply chain attacks on companies like SolarWinds and Kaseya, are stepping up attacks against software build and distribution environments.

A report from Venafi, "CIO Study: Software Build Pipelines Attack Surface Expanding," surveyed 1,000 CIOs from around the globe to determine executive concern and action surrounding software supply chain security.

The report found that CIOs are becoming increasingly concerned about the serious business disruptions, revenue loss, data theft and user damage that can result from software supply chain cyberattacks. Findings from the study include:

  • 87% of CIOs believe software engineers and developers compromise on security policies and controls in order to get new products and services to market faster.
  • 85% of CIOs have been specifically instructed by the board or CEO to improve the security of software build and distribution environments.
  • 84% say the budget dedicated to the security of software development environments has increased over the past year.

In response to the increase in focus on software supply chain security, 68% of CIOs are implementing more cybersecurity controls in their organizations; 57% are updating their review processes; and 56% are expanding their use of code signing, a security measure for software supply chains.
