Almost Half Of Businesses Have Suffered Supply Chain Disruption From Cyber Incidents

A cyber attack does not have to hit your own business to cause expensive disruption because new research from procurement and supply chain consultancy Proxima discovered that 45% of businesses have already experienced supply chain disruption caused by a cyber incident during the past 24 months.

Business leaders also know how quickly those problems can become worse. Proxima’s Global Supply Chain Resilience Outlook found that 51% of CEOs said their businesses could not keep everyday operations running for more than three weeks if a major supply chain shock happened as soon as tomorrow.

The survey spoke to CEOs from businesses generating more than $500 million in annual revenue across the UK, the USA, Australia, Singapore and Germany. We are living in a time where cyber incidents now are as impactful as conflict, geopolitical tensions, climate change, extreme weather, tariffs, sustainability targets, regulatory requirements and emerging technologies as financial threats on supply chains.

 

How Much Is Avoiding Disruption Worth?

 

Many businesses are prepared to spend more if it means suppliers keep operating.

Proxima found that 72% of CEOs would accept an increase of more than 10% in third party supplier costs to guarantee supply chain resilience. On average, they said they would accept a 17.3% increase.

Around 38% said they would pursue cost savings to pay for higher supplier costs, 35% would pass those costs on to customers and 26% said they would cover the increase through reduced margins.

Simon Geale, Executive Vice President at Proxima, said, “It is no secret that businesses are navigating a period of intense supply chain uncertainty. This research shows that CEOs are still very alert to disruption risk and that they are placing an increasing emphasis on building sustainable supply chain resilience to counteract.”

He added, “CEOs are further recognising the substantial costs and vulnerabilities their companies could face from supply chain disruption, and it is now clear many are willing to pay a premium to guard against that risk. Resilience has become a boardroom topic and a price worth paying.”

 

 

Where Are The Weak Spots?

 

The survey found businesses often cannot see cyber risks within their supplier networks. Only 35% said they have real time visibility into the cyber risk of their critical suppliers, even though almost half have already dealt with disruption caused by a cyber incident.

AI is helping many businesses keep an eye on suppliers with more than half of CEOs saying AI is delivering measurable value in supplier risk monitoring. Data quality was named as a barrier by 38%, 30% mentioned a lack of skills and 29% said uncertainty around return on investment is slowing more use.

Proxima also found that 78% of CEOs spoke of internal tensions when introducing fast moving tech such as AI and keeping business compliance practices in place.

 

What Happens When Software Supply Chains Go Wrong?

 

More research from Kaspersky gives a good example of how supply chain problems can begin long before a business notices them.

The company’s Global Research and Analysis Team reviewed thousands of GitHub Actions workflows and using Kaspersky Container Security, the researchers found more than 250,000 potential security issues with only 10% of those producing no alerts.

Leonid Bezvershenko, senior security researcher at Kaspersky GReAT, said, “Over the past year, we have observed serious supply chain attacks, that could have been prevented by following secure CI/CD configuration guidelines.

“While the uncovered issues do not automatically indicate exploitable vulnerabilities, they point to areas where developers should verify and strengthen configurations.

“By identifying these weaknesses early, organisations can build more resilient pipelines and reduce the likelihood of supply chain compromise. The rules developed for our container security solution provide a practical framework to identify and remediate these gaps before they can be exploited.”