A new report has found that 88% of cybersecurity leaders are concerned about supply chain cyber risks, with most organisations using supply chain risk management approaches that are not keeping pace with the threat landscape.
The 2025 Supply Chain Cybersecurity Trends Survey, published by SecurityScorecard, draws on responses from nearly 550 CISOs and security professionals worldwide. The report highlights a significant increase in breaches involving third parties and a concentration of risk across technology and infrastructure providers.
Increasing third-party risks
According to the survey, third-party involvement in security breaches has doubled, with incidents rising from 15% to nearly 30%, as also detailed in the 2025 Verizon Data Breach Investigations Report. The reliance on a small group of external providers has resulted in what the report describes as an “extreme concentration of risk,” with the potential for a single provider’s compromise to affect thousands of organisations at once.
Ryan Sherstobitoff, Field Chief Threat Intelligence Officer at SecurityScorecard, addressed the evolving nature of these risks by stating:
Supply chain cyberattacks are no…
