BlueVoyant Research Reveals Global Organizations Continue to Brace for Negative Impact from Supply Chain Cyber Attacks

NEW YORK, December 7, 2023 — BlueVoyant, a cybersecurity company that illuminates, validates, and mitigates internal and external risks, today released the findings of its fourth annual global survey into supply chain cyber risk management. The 2023 study reveals that the number of cyber breaches targeting organizations’ supply chains continues to rise, with an average 4.16 breaches reported to be negatively impacting operations this year — a 26% increase from the mean number of 3.29 breaches in 2022.

“Attacks targeting external vendors and partners are a constant threat,” said Joel Molinoff, BlueVoyant's global head of Supply Chain Defense. “Our data suggests that the scope of the problem is increasing, with more enterprise vendors and suppliers falling prey to cyber attacks. Enterprises recognize the issue but the standard approach to third-party risk management is proving inadequate. Companies now need to focus energies on methods that proactively illuminate and reduce supply chain risk.”

Every industry sector, except financial services, showed an increase in the number of breaches in their supply chains that negatively impacted their organization. The increasing breaches come despite survey respondents demonstrating that supply chain cyber risk management is a strategic priority.

Key survey findings include:

• Increased cadence of risk monitoring: 47% of respondents monitored their supply chain for cyber risk monthly or more in 2023, compared to 41% in 2022.
  
• Increased use of AI, but room to grow: Discussions of artificial intelligence have dominated the technology market, including its use for cyber defense and on the flip side, its use by cyber criminals to attack organizations. Respondents say they are likely to be using AI to monitor their digital supply chain, but prefer to rely on a combination of AI and human analysts. More than half (55%) said they use automation only to manage certain aspects of their third-party cyber risk.
  
• Increased budget and resources: 85% of respondents stated that their budget for third-party cyber risk has increased over the last twelve months, with 51% indicating they’ll allocate additional internal resources and 46% likely to add external resources.
  
• Increased senior management briefings: 44% of respondents reported briefing senior management teams monthly or more in 2023, compared to 38% in 2022.
  

Despite the increased oversight and more regular monitoring, a real challenge has emerged — getting supply chain vendors to consistently address risk in a timely manner after being made aware of a vulnerability or security issue. Only 19% of respondents are actively working with their supplier to make sure issues are remediated. The rest are mainly relying on the supplier to fix the issue, which can leave them vulnerable.

“With a never-ending flow of headlines and regulatory requirements demanding attention to supply chain cyber risk, it is hard to ignore the importance of getting the proper defenses in place,” said Brendan Conlon, chief operating officer for BlueVoyant’s Supply Chain Defense. "Enterprises should examine their current approaches and identify areas for greater efficiency and continuous coverage — not only in detecting emerging vulnerabilities and risk, but also in quickly remediating threats hand-in-hand with impacted third parties.”

The study was conducted by independent research organization, Opinion Matters, and recorded the views and experiences of 2,100 chief technology officers (CTOs), chief security officers (CSOs), chief operating officers (COOs), chief information officers (CIOs), chief info security officers (CISOs), and chief procurement officers (CPOs) responsible for supply chain and cyber risk management in organizations with more than 1,000 employees across a range of industries. These include: business services, financial services, healthcare and pharmaceutical, manufacturing, utilities and energy, and defense. It covered 11 countries: U.S., Canada, Germany, Austria, Switzerland, France, the Netherlands, the United Kingdom, Australia, the Philippines, and Singapore. The 2022 research was also conducted by Opinion Matters.

Learn more about the full global BlueVoyant research report: "The State of Supply Chain Defense: Annual Global Insights Report," including analysis across countries and vertical sectors.

About BlueVoyant

BlueVoyant combines internal and external cyber defense capabilities into outcomes-based, cloud-native cybersecurity solution by continuously monitoring your network, endpoints, attack surface, and supply chain, as well as the clear, deep, and dark web for threats. The full-spectrum cyber defense products and services illuminate, validate, and quickly remediate threats to protect your enterprise. BlueVoyant leverages both machine-learning-driven automation and human-led expertise to deliver industry-leading cybersecurity to more than 900 clients across the globe.

BlueVoyant Press Contact:

Jennifer Schlesinger

[email protected]