Insights and Recommendations
According to SecurityScorecard's 2025 Supply Chain Cybersecurity Trends Survey, which draws on responses from nearly 550 CISOs and security professionals worldwide, current supply chain risk management methods are falling short against emerging threats.
The survey highlights that third-party involvement in breaches has risen sharply, from 15% to almost 30%, driven by the concentration of global technology and infrastructure on a small number of key providers: when one of those providers is compromised, the effect reaches many downstream customers at once. SecurityScorecard notes that supply chain attacks have shifted from isolated incidents to a regular occurrence, and that many organizations fail to turn the third-party risk data they collect into action because they are overloaded by it.
Key findings indicate that over 70% of surveyed organizations experienced at least one significant cybersecurity incident last year, and 5% faced ten or more incidents. Only half monitor security across even 50% of their third-party supply chains.
Although 88% of organizations say they are concerned about supply chain risk, only 26% have integrated incident response into their supply chain cybersecurity programs. Many instead rely on point-in-time assessments, vendor-supplied reports, or cyber insurance, none of which detects or contains a vendor compromise while it is underway.
To address these gaps, SecurityScorecard recommends integrating threat intelligence feeds into vendor risk workflows, so that threats such as ransomware campaigns and zero-day exploits affecting a vendor are detected as they emerge rather than at the next scheduled assessment. It also recommends a dedicated supply chain incident response process with defined roles and communication channels, so that a vendor compromise is handled swiftly and consistently rather than ad hoc.
Additionally, tiering vendors by business impact, likelihood of exploitation, and operational criticality lets monitoring and response effort be concentrated on the vendors whose compromise would hurt most. Finally, cross-functional collaboration among security, procurement, legal, and operations teams embeds security in vendor decisions such as selection and contract terms, and aligns those teams on shared resilience goals and performance metrics.
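The two recommendations above, feeding threat intelligence into the vendor risk workflow and tiering vendors to prioritize the result, fit together as one small pipeline. The following is an added example written for this page; it is not code from SecurityScorecard or from the survey. The vendor inventory, the feed records, the 1-to-5 scoring scale, the tier thresholds and the response playbook are all constructed assumptions chosen to show the mechanics: each feed item is matched against vendor and product names, matched vendors are tiered from the three factors the survey names, and alerts come out ordered by tier and severity with an owner and channel attached.

```python
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Vendor:
    """One third party, scored 1 (low) to 5 (critical) on the three axes the
    survey recommends tiering on. Scores here are hypothetical."""
    name: str
    products: frozenset[str]
    business_impact: int
    exploit_likelihood: int
    operational_criticality: int


def vendor_tier(v: Vendor) -> int:
    """Map the three scores to tier 1 (most critical), 2 or 3.

    The factors are multiplied rather than averaged so that a 5 on one axis
    cannot be buried by low scores on the others. The thresholds on the
    1..125 product are an assumption, not the survey's.
    """
    scores = (v.business_impact, v.exploit_likelihood, v.operational_criticality)
    for s in scores:
        if not 1 <= s <= 5:
            raise ValueError(f"{v.name}: score {s} outside 1..5")
    product = scores[0] * scores[1] * scores[2]
    if product >= 60:
        return 1
    if product >= 20:
        return 2
    return 3


@dataclass(frozen=True)
class IntelItem:
    """One record from a threat intelligence feed (constructed format)."""
    source: str
    kind: str                 # e.g. "ransomware", "zero-day"
    affected: frozenset[str]  # vendor or product names as the feed reports them
    severity: str             # "critical", "high", "medium", "low"


SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Hypothetical playbook: who acts first on an alert at each tier, and where it is raised.
PLAYBOOK = {
    1: ("supply-chain IR lead", "#sc-incident; page on-call; notify legal and procurement"),
    2: ("vendor risk analyst", "#sc-incident; triage within one business day"),
    3: ("vendor risk analyst", "weekly vendor risk review"),
}


@dataclass(frozen=True)
class Alert:
    vendor: str
    tier: int
    item: IntelItem
    owner: str
    channel: str


def correlate(vendors: list[Vendor], feed: list[IntelItem]) -> list[Alert]:
    """Match each feed item against vendor and product names (case-insensitive)
    and return alerts ordered by vendor tier, then severity. Items matching no
    vendor are dropped; a vendor matched by both its name and a product yields
    one alert, not two."""
    alerts: list[Alert] = []
    for item in feed:
        affected = {a.lower() for a in item.affected}
        for v in vendors:
            names = {v.name.lower()} | {p.lower() for p in v.products}
            if names & affected:
                tier = vendor_tier(v)
                owner, channel = PLAYBOOK[tier]
                alerts.append(Alert(v.name, tier, item, owner, channel))
    # Unknown severity strings sort last instead of raising.
    alerts.sort(key=lambda a: (a.tier, SEVERITY_RANK.get(a.item.severity, 99)))
    return alerts


# Constructed inventory and feed; none of these vendors, products or items are real.
VENDORS = [
    Vendor("AcmePay", frozenset({"AcmePay Gateway"}), 5, 4, 5),
    Vendor("BuildTool Inc", frozenset({"BuildTool CI"}), 4, 4, 3),
    Vendor("LogVault", frozenset({"LogVault SIEM"}), 3, 3, 2),
    Vendor("SnackCo", frozenset({"Office Snacks"}), 1, 2, 1),
]

FEED = [
    IntelItem("feed-a", "zero-day", frozenset({"BuildTool CI"}), "critical"),
    IntelItem("feed-b", "ransomware", frozenset({"acmepay"}), "high"),
    IntelItem("feed-a", "phishing", frozenset({"Nonexistent Corp"}), "medium"),
    IntelItem("feed-c", "ransomware", frozenset({"LogVault SIEM", "AcmePay Gateway"}), "critical"),
]


def prioritized_alerts() -> list[Alert]:
    """Run the constructed feed through the tiered inventory."""
    return correlate(VENDORS, FEED)


if __name__ == "__main__":
    for a in prioritized_alerts():
        print(f"tier {a.tier} {a.vendor:14} {a.item.kind:10} {a.item.severity:8} "
              f"-> {a.owner} via {a.channel}")
```

The multiplicative tier score is a design choice worth noting: an average would let a payment processor with maximum business impact and criticality drop a tier because its exploit likelihood score is moderate, whereas the product keeps it at the top. In a real workflow the vendor list would come from the procurement system of record and the feed from a subscription or aggregator, and the playbook entries would name actual on-call rotations and channels; the matching and ordering logic stays the same.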
