Supply chain attacks are the next big risk for organisations

While enterprise leaders scramble to fend off ever-evolving cyber threats, a new report from CrowdStrike shows why business leaders need to be more precious about their supply chain.

According to the report, 90% of respondents admitted to incurring a financial cost after experiencing a software supply chain attack. The average cost of an attack like this is just over $1.1 million.

Furthermore, 80% of respondents believe software supply chain attacks have the potential to become one of the biggest cyber threats over the next three years.


Global reaction

The findings show that companies admit to being unprepared in their defence against supply chain attacks, citing a lack of visibility, tools, and technologies as a root cause.

While 90% agree that security is a critical factor when making purchasing decisions surrounding new suppliers, only 37% of respondents in the US, UK and Singapore said that their organisation would be willing to vet all of them.

On top of this, only a quarter of respondents believe with certainty that their organisation will increase its supply chain resilience in the future.


Key hurdles

The report found that the key hurdles holding organisations back from developing a robust protection strategy include a lack of comprehensive security vetting practices for suppliers and third parties, as well as slow detection and response to threats.

Respondents, on average, take close to 63 hours to detect and react to a software supply chain attack.



CrowdStrike’s vice president of product marketing, Dan Larson, argued that organisations should invest in prevention, detection and response technologies.

In a release, Larson said: “It’s clear that supply chain attacks are becoming a business-critical issue, impacting topline relationships with partners and suppliers but organisations largely lack the knowledge, tools, and technology to be protected.”

“Knowledge gaps and the lack of established standards to prevent complex supply chain attacks are putting organisations at risk from a financial, reputational, and operational perspective.”



Andrew Ross

As a reporter with Information Age, Andrew Ross writes articles for technology leaders, helping them manage business-critical issues both for today and in the future.