BlueVoyant Research Reveals Australian Organisations Continue to Brace for Negative Impact from Supply Chain Cyber Attacks

December 7, 2023

Study unveils an alarming 17% increase in reported negative impacts in Australia from supply chain cyber breaches, disrupting operations, and highlighting the growing threat

Sydney Australia, December 8, 2023 — BlueVoyant, a cybersecurity company that illuminates, validates, and mitigates internal and external risks, today released the findings of its fourth annual global survey into supply chain cyber risk management. The 2023 study reveals that the number of cyber breaches targeting Australian organisations’ supply chains continues to rise, with an average 4.06 breaches reported to be negatively impacting operations this year — a 17% increase from the mean number of 3.48 breaches in 2022.

Australian respondents are more advanced when it comes to some aspects of supply chain security than other regions, and lagging behind in other aspects. As in 2022, supply chain cyber risk is more likely to be a key priority for Australians surveyed in 2023 than it is for global respondents (42% compared to 31% overall). However, less than half of respondents are monitoring their third parties for cyber risk monthly or more frequently – including in real time, (44% compared to 47% overall). At the same time, senior management is more likely to be briefed on supply chain cyber risk monthly or more frequently (51% compared to 44% overall).

Surprisingly given the focus, respondents in Australia were less likely to report having received a budget increase (73% compared to 85% overall). Those that reported a likely budget increase in the future were likely to see motivation from recent breaches, with 68% reporting more internal resources (compared to 51% overall), and 56% reporting more external resources (compared to 46% overall) due to budget increases because of breaches. Recent breaches are also causing this region to have increased scrutiny and oversight from the board when it comes to supply chain security (47% compared to 39% overall). This makes sense given the many high-profile breaches reported to come from third parties in Australia.

In this region, the numbers showed that:

  • Australian respondents were less likely to say they had no way of knowing if an issue arose with a third party (24% compared to 26% overall).
  • Automation is a more popular way for Australian organisations to handle cyber third-party risk management in certain areas, with 77% using it compared to 73% of global respondents.
  • Another bright spot in Australian third-party cybersecurity is that respondents were more likely to say they work with third parties each step of the way to remediate issues (36% compared to 19% overall)

“Attacks targeting external vendors and partners are a constant threat,” said Joel Molinoff, BlueVoyant's global head of Supply Chain Defense. “Our data suggests that the scope of the problem is increasing, with more enterprise vendors and suppliers falling prey to cyber attacks. Enterprises recognize the issue but the standard approach to third-party risk management is proving inadequate. Companies now need to focus energies on methods that proactively illuminate and reduce supply chain risk.”  

Of the report, Brendan Conlon, chief operating officer for BlueVoyant’s Supply Chain Defence said: “With a never-ending flow of headlines and regulatory requirements demanding attention to supply chain cyber risk, it is hard to ignore the importance of getting the proper defenses in place. Enterprises should examine their current approaches and identify areas for greater efficiency and continuous coverage — not only in detecting emerging vulnerabilities and risk, but also in quickly remediating threats hand-in-hand with impacted third parties.

The study was conducted by independent research organisation, Opinion Matters, and recorded the views and experiences of 2,100 chief technology officers (CTOs), chief security officers (CSOs), chief operating officers (COOs), chief information officers (CIOs), chief info security officers (CISOs), and chief procurement officers (CPOs) responsible for supply chain and cyber risk management in organisations with more than 1,000 employees across a range of industries. These include: business services, financial services, healthcare and pharmaceutical, manufacturing, utilities and energy, and defense. It covered 11 countries: U.S., Canada, Germany, Austria, Switzerland, France, the Netherlands, the United Kingdom, Australia, the Philippines, and Singapore. The 2022 research was also conducted by Opinion Matters.

Learn more about the full global BlueVoyant research report: "The State of Supply Chain Defence: Annual Global Insights Report," including analysis across countries and vertical sectors.

About BlueVoyant

BlueVoyant combines internal and external cyber defense capabilities into outcomes-based, cloud-native cybersecurity solution by continuously monitoring your network, endpoints, attack surface, and supply chain, as well as the clear, deep, and dark web for threats. The full-spectrum cyber defense products and services illuminate, validate, and quickly remediate threats to protect your enterprise. BlueVoyant leverages both machine-learning-driven automation and human-led expertise to deliver industry-leading cybersecurity to more than 900 clients across the globe.

BlueVoyant Press Contact:

Jennifer Schlesinger

[email protected]