Key findings
68 %
of organizations expect the severity and scale of supply chain attacks to escalate further
45 %
of respondents experienced a cyber security breach in the last 12 months
59 %
of respondents were concerned about the visibility over their supply chain
Our research highlights that the rising tide of risk is crashing into supply chains, with 68% of organisations expecting attacks to become even more severe.
At the same time, emerging technologies like Artificial Intelligence (AI) are reshaping how we operate, unlocking new efficiencies, but also introducing new vulnerabilities.
With cyber resilience rising up the boardroom agenda following recent high profile attacks, one critical vulnerability remains overlooked: the supply chain. The soft underbelly of cyber resilience.
Hear from our CEO, Mike Maddison, discussing the research.
The report
To understand how businesses are tackling the challenge of supply chain cyber security, we conducted a global study exploring the key concerns, pressures, and priorities shaping their approach. The findings offer a compelling snapshot of how decision-makers around the world have perceived and responded to evolving supply chain risks.
These findings raise a fundamental question: if supply chain attacks are inevitable, what can organisations do to increase not only their resilience, but that of their supply chain?
The report includes data driven analysis of the state of supply chain security and insight from experts across NCC Group including:
- The major risk areas for supply chain security
- Global complexities and nuances
- Critical questions to ask your stakeholders
- Five steps to enhance supply chain security
The state of supply chain security
The findings – three critical themes
The overconfidence trap
94% of respondents are confident in their ability to respond to a supply chain attack. 92% trust their suppliers to follow best practices. Yet only 66% regularly assess supplier risk.
This disconnect suggests many may be underestimating the scale of the threat. Are organisations sleepwalking into a resilience crisis?
94%
of respondents are confident about their ability to respond quickly to a supply chain attack
21%
of respondents feel as though they wouldn't be affected if a key supplier was unable to opearate for five days
The responsibility gap
While 57% of CEOs believe they have strong visibility into supply chain security, only 30% of directors and 18% of team supervisors agree.
Responsibility is often pushed to cyber security teams, with 62% saying it’s their job alone. But resilience can’t live in a silo. It requires shared ownership across the business.
57%
of CEOs believe that their organisation has full visibility over their supply chain security, compared to 30% of directors
62%
of respondents say cyber security teams would be responsible for a supply chain cyber incident
The shadow of AI
AI is now the top emerging risk in supply chain security. 59% of respondents expect it to drive the greatest increase in threat over the
next year. Yet many organisations lack visibility into how AI is being used, both by employees and by attackers. From data poisoning to model manipulation, the risks are real and rising.
59%
of respondents identify AI as the biggest driver of increased supply chain security risk in the next 12 months
READ THE REPORT
Business resilience is built on secure supply chains, read the report today