Supply chain cyber attacks up as firms struggle to manage risk

15 October 2021

Supply chain cyber security breaches are up by more than a third as companies struggle to monitor third-party risk, according to research.

BlueVoyant’s second annual global survey into third-party cyber risk management found 93% of respondents had suffered a direct cyber security breach because of weaknesses in their supply chain. The average number of breaches rose from 2.7 in 2020 to 3.7 in 2021, a 37% year-on-year increase.

Only 13% of companies said third-party cyber risk was not a priority, down from 31% last year.

Four in 10 (38%) said they had no way of knowing when or if an issue arises with a third party.

Nine in 10 (91%) said investment in cyber security was increasing but BlueVoyant said such increases were limited by greater attack activity.

The healthcare sector had the highest rate of third-party cyber risk awareness, and 55% said identifying risk was a key priority, compared to an average of 42%. However, the sector also reported high breach figures, with 29% reporting six to 10 breaches in the last 12 months, compared to a 19% average. 

Manufacturing respondents were least likely to identify supply chain/third-party cyber security risk as a key priority and were most likely to be reporting on an annual basis only. 

Adam Bixler, global head of third-party cyber risk management at BlueVoyant, said: “Even though we are seeing rising awareness around the issue, breaches and the resulting negative impact are still staggeringly high, while the prevalence of continuous monitoring remains concerningly low.

“Third-party cyber risk can only become a strategic priority through clear and frequent briefings to the senior executive team and the board.” 

The survey involved 1,200 chief procurement officers, chief information officers and chief information security officers in organisations with more than 1,000 employees across industries including business services, financial services, healthcare and pharmaceutical, manufacturing, utilities and energy, and defence.

It covered six countries: the US, Canada, Germany, the Netherlands, the United Kingdom and Singapore.
