98% of organizations surveyed have been negatively impacted by a cybersecurity breach that occurred in their supply chain, according to a new supply chain cybersecurity risk report. 

In 2021, 97% of respondents said they experienced the negative impacts of a cyber breach in their supply chain. Digital supply chains are made of the external vendors and suppliers who have network access that could be compromised.

The State of Supply Chain Defense: Annual Global Insights Report from BlueVoyant and conducted by Opinion Matters recorded the views and experiences of 2,100 chief technology officers (CTOs), chief security officers (CSOs), chief operating officers (COOs), chief information officers (CIOs), chief information security officers (CISOs), and chief procurement officers (CPOs) responsible for supply chain and cyber risk management in organizations with more than 1,000 employees across a range of industries. These include: business services, financial services, healthcare and pharmaceutical, manufacturing, utilities and energy, and defense.

Cybersecurity supply chain risk findings

The 2022 annual report found that 40% of respondents rely on the third-party vendor or supplier to ensure adequate security. In 2021, 53% of companies said they audited or reported on supplier security more than twice per year; that number has improved to 67% in 2022. These numbers include enterprises monitoring in real time.

The top pain points reported are internal understanding across the enterprise that suppliers are part of their cybersecurity posture, meeting regulatory requirements, and working with suppliers to improve their security.

Cyber risk by industry sector

Analysis of the responses from different commercial sectors revealed considerable variations in their experiences of supply chain risk:

While healthcare and pharmaceutical was the third-highest vertical in terms of experiencing greater board scrutiny for supply chain risk at 42%, the sector also indicates the lowest likelihood to increase budget for external resources to bolster supply chain cybersecurity, by a margin of 7% below the next closest vertical. This sector is also the least likely of any sector (34%) to have no way of knowing if an issue arises with a third party's environment.

The energy sector was most likely to report negative impact from at least one supply chain breach in the last year (99%) but 49% are monitoring supply chain cyber risk regularly or in real time, and 44% are updating senior leadership monthly or more frequently. In addition, energy companies say they are increasing their budget for supply chain cyber risk by an average of 60%.

In manufacturing, 64% of respondents say that supply chain cyber risk is on their radar and 44% say they have established an integrated enterprise risk management program.

For more report information, click here.