The 2023 Supply Chain Cyberrisk Survey from BlueVoyant found that the number of cyber breaches targeting organizations’ supply chains continues to rise. The average is 4.16 breaches reported to be negatively impacting operations this year — a 26% increase from the mean number of 3.29 breaches in 2022.
The survey covered 11 countries: U.S., Canada, Germany, Austria, Switzerland, France, the Netherlands, the United Kingdom, Australia, the Philippines, and Singapore
“Attacks targeting external vendors and partners are a constant threat,” said Joel Molinoff, BlueVoyant's global head of Supply Chain Defense, in a statement. “Our data suggests that the scope of the problem is increasing, with more enterprise vendors and suppliers falling prey to cyber attacks."
Every industry sector, except financial services, showed an increase in the number of breaches in their supply chains that negatively impacted their organization. The increasing breaches come despite survey respondents demonstrating that supply chain cyber risk management is a strategic priority.
Key survey findings include:
- Increased cadence of risk monitoring: 47% of respondents monitored their supply chain for cyber risk monthly or more in 2023, compared to 41% in 2022.
- Increased use of AI, but room to grow: Discussions of artificial intelligence have dominated the technology market, including its use for cyber defense and on the flip side, its use by cyber criminals to attack organizations. Respondents say they are likely to be using AI to monitor their digital supply chain, but prefer to rely on a combination of AI and human analysts. More than half (55%) said they use automation only to manage certain aspects of their third-party cyber risk.
- Increased budget and resources: 85% of respondents stated that their budget for third-party cyber risk has increased over the last twelve months, with 51% indicating they’ll allocate additional internal resources and 46% likely to add external resources.
- Increased senior management briefings: 44% of respondents reported briefing senior management teams monthly or more in 2023, compared to 38% in 2022.