Global Supply Chain Cybersecurity: New Report Shows Evolving Focus on Third-Party Risk Management
Supply chains have become a high-stakes frontier in the world of cybersecurity. BlueVoyant’s State of Supply Chain Defense report for 2024 reveals that companies are no longer just talking about third-party cyber risk—they’re taking action. Across industries from healthcare to finance, leaders are focusing on practical, proactive ways to defend against the rising tide of supply chain threats.
Surveying over 2,100 executives, the report shows that businesses are investing more in third-party risk management (TPRM), not just to comply with protocols but to make real headway in security. While breaches remain a widespread issue, with many companies still facing repeated incidents, this year’s findings offer a hopeful sign: companies are evolving from awareness to meaningful defense, working to transform TPRM from a vulnerability into a resilience asset.
The numbers paint a complex picture. Eighty-one percent of organizations experienced cyber breaches through their supply chains in the last year—still a high rate, though down from 94% in 2023. Despite improved defenses, the threats remain stubbornly frequent, with businesses reporting an average of 3.7 breaches over the past year.
BlueVoyant’s findings reveal that executives are moving beyond merely “checking the box” on cybersecurity. They’re focused on proactive risk management, collaborating with suppliers, and improving executive oversight. In fact, 36% of organizations are now actively working with their vendors to address cyber issues—nearly double last year’s 19%. This is progress, but the report doesn’t shy away from highlighting the challenges that remain.
Only 32% of third-party vendors are consistently monitored, leaving gaps in visibility across many organizations. And with half of surveyed companies saying they lack the resources to regularly assess every vendor, the need for efficient solutions, like automation, is all the more pressing.
Sector-Specific Struggles & Hard Lessons
Not every industry is equally prepared for supply chain cyber risks. Healthcare, in particular, faces steep challenges, with 87% of healthcare and pharmaceutical companies reporting supply chain breaches—the highest rate of any industry surveyed. More concerning, over a third of these organizations don’t have basic threat detection capabilities for third-party vendors, meaning they’re essentially blind to potential risks.
Joel Molinoff, BlueVoyant’s global head of supply chain defense, noted, “While this progress brings many new challenges, it’s a big step forward compared to previous years, when many organizations barely tracked their third-party vendors or collaborated on cybersecurity issues.”
The shift Molinoff highlights is a sign that companies are recognizing the need to stay engaged and adaptive. BlueVoyant’s report also underscores several critical trends in how organizations are tackling these ongoing cyber threats:
- Budget Increases Show Commitment: A striking 86% of organizations have increased their third-party risk management (TPRM) budgets, backing up their intentions with resources to fortify defenses.
- More Hands-On Vendor Collaboration: Companies are moving beyond internal measures; this year, 36% are actively collaborating with vendors on cyber risk remediation—almost double last year’s figure, reflecting a more hands-on approach to shared security.
- Persistent Gaps in Monitoring: Despite progress, only 32% of vendors are regularly monitored, pointing to a clear need for automation and other tools to close visibility gaps and manage resources effectively.
- Healthcare’s Unique Cyber Challenges: The healthcare sector remains especially vulnerable, with the highest breach rate and limited detection capabilities. This makes healthcare an attractive target for cybercriminals and underscores the need for stronger defenses.
This report makes it clear that while organizations are on the right path, there’s still much work to do. Third-party cyber threats aren’t going away, but BlueVoyant’s findings offer a clear signal: businesses are learning from their experiences and increasingly ready to take on the challenge. In a world where interconnected supply chains are vulnerable, having a resilient TPRM program isn’t just nice to have—it’s essential.