The Current State of Supply Chain Defense
February 4, 2025 | 3 min read
George Aquila
Product Marketing Manager
Our Annual Global Insights Report revealed that organizations are facing new challenges in their efforts to combat the persistent threat of third-party cyber attacks
The majority of global organizations say they have been negatively impacted by a breach in their supply chain. In our latest survey, 81% of global organizations reported being negatively impacted by a third-party cyber breach.
An Evolution in Third-Party Cyber Risk Management
First, the good news — organizations are more aware than ever that the third-party cyber risk is a problem. More and more executives BlueVoyant surveyed are tuned to this issue across the C-Suite — not only because of the immense damage a supply chain cyber breach can cause, but also because of new regulatory initiatives requiring organizations to take greater accountability of their third-party vendors’ cyber posture.
As a result, this year’s survey revealed how more organizations are implementing third-party cyber risk management (TPRM) best practices, such as continuous risk visibility and direct vendor engagement, to get ahead of emerging risks and vulnerabilities. And more importantly, the survey also demonstrated a correlation between these efforts and a reduction in third-party cyber breaches.
Of course, it isn’t that simple. Organizations with larger supply chains tend to face more hurdles in protecting their entire digital attack surface. Certain industries — such as healthcare — also face unique challenges in defending against highly-targeted threats.
Respondents reported a mean number of 3.7 supply chain cyber-related disruptions in the past year — a staggering amount even for the most well-equipped security teams.
The majority (86%) of organizations reported a budget increase for TPRM programs in 2024. So what are the best ways to apply these resources to a new set of challenges? Instead of focusing efforts on third-party risk awareness, many organizations are shifting towards TPRM program effectiveness and putting an increasing premium on remediation itself.
Many organizations now have the means to identify and track risky behaviors in their supply chain, but until those issues are comprehensively remediated, the resources and effort put into the risk identification process are wasted.
Here are a few recommendations to focus TPRM program efforts in the next year:
- Increase Automation: As with many other business functions, TPRM will continue to see increased reliance on automation and AI as a way of making effective risk management more accessible and scalable, especially for small- and medium-sized organizations that struggle with personnel and resource limitations.
- Keep a Human in the Loop: At the same time, it has become evident that complete automation is not a viable solution. For this reason, we continue to see more focus on the importance of analyst-driven decision making and having a “human in the loop”, especially for aspects of solutions like following up with third parties to ensure effective remediation.
- Integrate TPRM into the Security Stack: Finally, as information security as an industry continues to mature, there will be more focus put on the integration of various aspects of security operations. This means that third-party cyber risk will inevitably be folded into day-to-day SOC operations and wider risk management programs.
While we cannot expect the number of supply chain cyber attacks to decrease, we can hope that faster identification and remediation helps to soften their impact. Learn more from the BlueVoyant team in the full report, The State of Supply Chain Defense: Annual Global Insights Report, including our analysis across countries and vertical sectors.
Interested in growing and improving your TPRM program? Learn more about how BlueVoyant can help here.
BlueVoyant’s survey with independent research organization Opinion Matters was conducted in July 2024 and captured insights from more than 2,100 industry leaders across business services, financial services, healthcare, manufacturing, utilities, energy, and defense sectors. Regions include the US, Canada, Europe, APAC, and more.