SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers

Overconfidence threatens supply chain cyber security resilience

Fri, 24th Oct 2025

A significant majority of public sector agencies and businesses report confidence in their ability to tackle supply chain cyber attacks, according to a new study from NCC Group.

The State of Supply Chain Security report, based on a global survey of 1,010 cyber security decision makers, reveals that 94% of public sector agencies feel assured in their ability to respond to such incidents. However, this confidence contrasts with the finding that almost half of respondents (44% in the public sector and 45% overall) have experienced a supply chain breach within the past year.

The research collected responses from professionals across eight markets - US, UK, Australia, Germany, the Netherlands, Singapore, Spain, and the Philippines - and covered eleven industries, including both public and private sectors. Respondents were drawn from a wide range of roles, from junior employees to CEOs and board members, across departments such as business, finance, IT, sales and procurement.

Confidence versus experience

Among public sector agencies, 92% expressed trust that their suppliers are adhering to cyber security best practices. Despite this, a third of agencies do not perform regular risk assessments on their supply chain partners. This trend is mirrored across the wider business landscape, where a third (34%) of organisations overall are not actively monitoring or conducting regular cyber risk assessments of their suppliers.

The report highlights that 68% of surveyed organisations expect supply chain attacks to become more severe in the next year, reflecting an awareness of the growing risk. Despite this, only 34% say they have complete and detailed insight into their supply chain's cyber security.

In terms of operational impact, almost half (49%) of organisations that suffered a breach reported disruption to their operations. Yet, 21% believe that the failure of a key supplier for five days would have no effect on their operations, a perspective the report describes as lacking awareness of supply chain interdependencies.

Mike Maddison, CEO of NCC Group, said: "Global supply chains are the engine of modern business, so it is critical that their security is a priority for leaders, especially when global ransomware levels are at a record high this year. The outbreak of high profile supply chain attacks we have seen this year must be taken as a wake up call. These attacks have real world consequences, delaying medical procedures, grounding flights, leaving shelves empty and putting the economy and jobs at risk. In the face of such a threat, it is shocking that 92% of respondents trust their suppliers to follow cyber security best practices. Time and time again, threat actors are profiteering from this overconfidence, using straightforward techniques to access virtually unguarded supply chain networks."

He continued: "Although it is encouraging to see cyber security climbing up the boardroom agenda for organizations, overconfidence in supplier visibility, and the ability to react, is leading to complacency that we can no longer ignore. Security is only as strong as the weakest link in a supply chain. Organisations are severely overestimating their operational resilience, with 21% of respondents believing they wouldn't be affected if a key supplier was unable to operate for five days - they are in for a rude awakening. Supply chain attacks threaten not only individual organizations, they are an economic risk at an international level. This report is a clarion call for organizations and governments to wake up to the realities of supply chain vulnerability. We must do more to increase economic resilience by proactively tackling these threats."

Artificial intelligence and evolving risks

The study identifies artificial intelligence as the primary factor organisations expect to increase supply chain security risk over the next 12 months. Some 59% of respondents agreed that AI could present new challenges to supply chain security in the coming year.

Other findings from the report include concerns around visibility over suppliers: only 36% of organisations say they understand how their partners store and protect business-critical data, while 59% express worries about their insight into their own supply chain.

Additionally, the cost of cyber security measures was cited as the biggest challenge to achieving compliance and risk management, with 45% of suppliers flagging this as their greatest pain point.

Regulatory response

The publication of the report coincides with the introduction of new regulations designed to boost cyber security resilience, such as the UK's Cyber Security Resilience Bill, the EU's NIS2 Directive, and the Digital Operational Resilience Act (DORA). Most organisations (90%) surveyed expressed confidence that such standards and policies can reduce the risk of attacks, though they acknowledge that managing global compliance may increase supply chain complexity.

Katharina Sommer, Group Head of Government Affairs at NCC Group, commented: "Governments don't share the same confidence in supply chain security as shown by business, prompting tighter regulations being introduced to combat these growing threats. Legislation is still catching up with the pace of innovation and the global regulatory landscape is still fragmented. As we move to an even more connected world where supply chains overlap borders and governments, organizations must carefully navigate policies to minimize supply chain vulnerabilities and increase resilience."
