81% of global firms hit by supply chain breaches: BlueVoyant

MANILA, PHILIPPINES — A recent report from cybersecurity company BlueVoyant revealed that 81% of organizations worldwide experienced negative impacts from supply chain cybersecurity breaches in the past year.
While this marks an improvement from 94% in 2023, the findings highlight persistent vulnerabilities in third-party risk management (TPRM). Organizations reported an average of 3.68 cyber breaches annually, underscoring the need for robust defenses.
Outsourcing gains traction in cybersecurity management
One of the key trends identified in the report is the growing reliance on outsourcing third-party risk management activities. Globally, 36% of organizations now collaborate with vendors throughout the remediation process, a significant increase from 19% in 2023. This approach includes working with suppliers to address vulnerabilities and ensure compliance with service-level agreements (SLAs).
The report also highlights that industries such as energy and utilities, manufacturing, and business services are leading in outsourcing specific functions like monitoring and remediation. For example, 37% of energy companies outsource these activities, while business services organizations are the most likely to outsource all aspects of their TPRM programs.
“Organizations are transitioning from monitoring to actively reducing risks by collaborating with vendors,” BlueVoyant stated in its report. However, enforcing compliance and ensuring follow-through remain challenges for many businesses.
Larger ecosystems pose greater risks
The size of an organization’s supply chain correlates directly with its exposure to cyber risks. Companies managing over 10,000 suppliers reported a staggering 95% incidence rate of cyber breaches, compared to 51% for those with fewer than 500 suppliers.
Larger ecosystems also face difficulties in monitoring partners effectively; some organizations monitor as few as 25% of their vendors due to resource constraints.
Budget increases drive progress
Encouragingly, 86% of global respondents reported budget increases for TPRM programs in the past year, driven by high-profile breaches like the MOVEit hack campaign and other supply chain incidents.
These additional resources are being funneled into external expertise, automation tools, and vendor collaboration initiatives.
However, gaps remain: only 27% of organizations globally monitor supply chain risks monthly or more frequently, and 30% admit they wouldn’t know if a cyber issue emerged within their ecosystem.
Regional insights show mixed progress
Regions like Europe and Singapore outperform global averages in proactive monitoring and visibility. For example, 59% of Singaporean organizations periodically assess all vendors, compared to the global average of 50%.
Conversely, regions such as the U.K. report higher breach rates (95%) and lower adoption of autonomous transparency tools (11%).
A call for proactive measures
The report underscores the importance of prioritizing third-party cybersecurity as a strategic imperative. Enhanced monitoring frequency, investment in automation, and stronger collaboration with vendors are critical steps for improving resilience.
As BlueVoyant noted, “Organizations must move beyond awareness to operationalizing effective TPRM programs that scale with their ecosystems.”
With cyber threats evolving rapidly, businesses must adopt proactive measures to safeguard their supply chains and ensure long-term operational continuity.