A recent report released by Risk Ledger, State of Cyber Security in the Supply Chain 2023, spotlights the key security weaknesses in the supply chain ecosystem. The report is based on proprietary data from more than 2,500 suppliers that have shared information on their risk posture against more than 200 cyber security controls with their customers. Suppliers surveyed were global including from United Kingdom (62%), the United States (20%) and other countries.

The report draws attention to 12 of the most common weaknesses among suppliers such as 51% do not have a 24/7 security or reception team at all physical premises.

Other key highlights include:

  • 17% don’t enforce multi-factor authentication (MFA) on all remotely accessible services.
  • 23% do not use Privileged Access Management controls to securely manage the use of privileged accounts.
  • 20% do not use a password manager.

According to the report, these are just some of the weaknesses that are common causes of cybersecurity incidents and a high proportion of third, fourth and fifth party suppliers are not using controls to protect themselves or their customers in these areas.