ISC2 Survey: 70% of Respondents Highly Concerned by Supply Chain Risk

Organizations in the digital economy face significant supply chain cybersecurity risks, especially after recent disruptions from the pandemic and cyberattacks like SolarWinds.
A global ISC2 survey of over a thousand cybersecurity professionals revealed a high level of concern regarding these risks, particularly among enterprise organizations and sectors like financial services and military contracting.
Challenges include a lack of visibility and transparency regarding supplier practices, making it difficult to manage risks associated with third-party vendors.
Many organizations conduct regular risk assessments, but they vary in frequency and comprehensiveness, highlighting the need for ongoing evaluations of supplier security measures.
The survey also identifies the necessity of a structured approach to risk management, emphasizing compliance with security standards and incident response protocols.
Key points:
– 70% of organizations are highly concerned about supply chain cybersecurity.
– Financial services (82%) and military sectors (81%) show the highest concern levels.
– 28% of organizations reported cybersecurity incidents from third-party vendors in the last two years.
– Major threats to supply chains include data breaches (64%) and malware (52%).
– Regular risk assessments are conducted by 70% of organizations, but evaluation intervals vary widely.
– Compliance with standards (e.g., ISO 27001, NIST) is crucial—77% require this from vendors.
– Over half of respondents (54%) report having a dedicated risk management program, more common in enterprise organizations (70%).
– The need for better visibility into vendor practices is a recurring concern highlighted by many respondents.
– Effective incident response policies are critical, and only a minority of organizations lack them.
– Utilizing a Zero Trust architecture is recommended for enhanced security.
– Continued development of cybersecurity skills is important for effective risk management and compliance.
Link: https://www.isc2.org/Insights/2025/11/2025-isc2-supply-chain-risk-survey

