Nearly All DACH Companies Surveyed Were Victims of Cyberattacks in 2021 Due to Vulnerabilities in Their Supply Chain

April 12, 2022

DACH companies need to better monitor third-party risks, according to a new BlueVoyant survey.

MUNICH, April 11, 2022 - BlueVoyant, an industry-leading internal and external cyber defense platform, commissioned independent market research firm Opinion Matters to conduct its second annual survey in summer and winter 2021. The survey's key findings indicate that despite high incident rates, companies in Germany, Austria, and Switzerland, known as the DACH region, are inconsistent in their approach to supply chain cyber risk management. Awareness, prioritization, and monitoring of third-party cyber risks are insufficiently developed, according to responses.

DACH region findings show rising attack rates, poor supplier visibility, and lack of third-party cybersecurity insights. Ninety-nine percent of companies surveyed based in the DACH region say they have fallen victim to a direct attack due to third-party cybersecurity vulnerabilities in the past year. This figure is higher than the 93% average for all companies surveyed in 2021.

The average number of reported security breaches originating in the supply chain is relatively high at 3.57 per company. More than 50% reported between two and five cyberattacks. Twenty-one percent reported attacks as high as between six to 10, up 2% on average from 2021.

Compared to companies in other regions, survey participants in the DACH region admit that cyber risks with third-party providers are not a priority. At more than 35%, the proportion is greater than the overall average for all regions (29%) surveyed. Forty-three percent of respondents said managing third-party cyber risk is a top priority for their company, and 22% said they monitor all of their external suppliers for potential cybersecurity issues.

Forty-two percent of companies whose supply chain includes between 1,001 and 10,000 suppliers were surveyed, while 33% of participants have a supply chain between 501 and 1,000 suppliers. On average, supply chains in the DACH region are reported to comprise 5,481 third-party suppliers.

With increasing supplier numbers reported, it is clear that many DACH companies lack insight into their suppliers' cybersecurity strategies. In fact, 40% say they are unaware of security vendor issues. Only those companies in this region that address this highly complex challenge will be able to address the growing organizational risk due to increasing attack numbers.

"The results show that despite the high number of critical incidents affecting supply chain cyber risk management, companies in Germany, Austria, and Switzerland are taking an inconsistent approach," said Markus Auer, sales director Central Europe at BlueVoyant. “Shared awareness of threat severity, prioritization, and monitoring of third-party cyber risks leave much to be desired. It is important that companies drive the integration of continuous supply chain monitoring, and significantly improve visibility. In addition, to ensure effective cybersecurity, clear responsibilities for third-party cyber risk, as well as comprehensive supplier training, are critical."

The survey polled 1,200 Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), and Chief Procurement Officers (CPOs) with supply chain and cyber risk management responsibilities at companies with at least 1,000 employees. Industries covered included business services, financial services, healthcare, pharmaceutical, manufacturing, utilities, and defense. To provide a global perspective, the study was conducted in the following countries: United States, Canada, Germany, Netherlands, United Kingdom, and Singapore. Subsequently, two additional European reports were commissioned. This involved surveying 450 people across Europe in January 2022, bringing the total number of survey participants to 1,650.

Get the full DACH BlueVoyant research report: "Global Insights - Managing Cyber Risk Across the Extended Vendor Ecosystem."

About BlueVoyant

At BlueVoyant, we recognize that effective cybersecurity requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics, and technology, coupled with deep expertise, work as a force multiplier to secure your full ecosystem.

Accuracy. Actionability. Timeliness. Scalability.

Founded in 2017 by former Fortune 500 and former government cyber officials, BlueVoyant is headquartered in New York City and has personnel in Washington, D.C., Maryland, San Francisco, Israel, Philippines, Canada, U.K., Spain, Australia, Hungary, Czech Republic, Romania, Slovakia, Netherlands, Belgium, Germany, Sweden, Denmark, El Salvador, Colombia, Mexico, and Panama.

Media Contacts

Richard Wolters
T: +31(0)6 41273540
E: [email protected]

Jennifer Schlesinger
T: +1 201.397.4976
E: [email protected]