99% of Global 2000 Companies Directly Connected to a Supply Chain Breach

20% of these megacompanies use a thousand or more products

LAS VEGAS: New research from SecurityScorecard and The Cyentia Institute found that 99% of Global 2000 companies are directly connected to vendors that have had recent breaches. Prompted by new SEC cybersecurity requirements demanding transparency around third-party breaches, this report highlights the escalating risk of multi-party supply chain attacks.

The interconnected nature of modern business means that a vulnerability in one part of the supply chain can have far-reaching consequences, potentially impacting the entire ecosystem. Massive third-party incidents like Change Healthcare, MOVEit, and SolarWinds underscore the critical need for robust supply chain cybersecurity.

Key Findings: Global 2000: Industry Titans Battle the Beast of Supply Chain Cyber Risk

  • 99% of Global 2000 companies are directly connected to a supply chain breach.
  • 20% of these megacompanies use a thousand or more products.
  • Supply chain incidents cost 17X more to remediate and manage than first-party breaches.
  • The estimated total losses from Global 2000 breaches ranged between $20 billion and $80 billion over 15 months.
  • Global 2000 companies face significant concentrated risk due to their interdependence, with 90% acting as vendors to each other.
  • The top 8 most widely deployed vendors are used by at least 80% of Global 2000 companies, with 4 of the top 5 reporting a recent breach.

Wade Baker, partner and co-founder at The Cyentia Institute, said: “While the Global 2000 boasts $51.7 trillion in revenue, their interconnectedness exposes them to severe cyber risks – with 99% directly connected to breached vendors and incidents that can tally into the tens of billions.”

Know Your Supply Chain

Whether caused by a malicious DDoS attack or a faulty patch update, the end result of a supply chain event is the same: Users are denied access to critical systems.

Knowing Your Supply Chain (KYSC) is becoming an increasingly important component of cyber resilience. Understanding the dependencies within your organization and those of your vendors is critical for responding to incidents effectively. Even the most reliable vendors and partners can experience issues.

Key steps to securing the supply chain include:

  1. Continuously monitor the external attack surface: Safeguard your IT ecosystem with continuous automated scanning. Identify and mitigate IT infrastructure and cybersecurity risks across vendor, agency, and partner environments.
  2. Identify single points of failure: Map the critical business processes and technologies to identify any single points of failure. Create a watch list with these vendors.
  3. Automatically detect new vendors: Passively monitor vendors’ IT deployments to identify and resolve hidden supply chain risk.

Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence, said: “The world is only beginning to grasp the potential for chaos caused by concentration risk. Understanding and managing your supply chain is critical to protect business continuity. It’s not just about preventing disruptions; it’s about safeguarding the very foundation of our interconnected economy.”
