Islamabad: Supply chain attacks have become a major cybersecurity threat for businesses worldwide, with one in three organizations reporting incidents over the past year, according to a study by Kaspersky.
The report highlights how increasing reliance on third-party vendors and digital ecosystems is exposing companies to new risks. It notes that limited cybersecurity resources and competing priorities are making it difficult for organizations to effectively manage supply chain and trusted relationship threats.
Nearly 42% of respondents identified a shortage of qualified IT security professionals as a key challenge, along with the need to balance multiple security tasks. These pressures often leave gaps in monitoring third-party risks, allowing vulnerabilities to go undetected.
Workforce and structural gaps
The study found that workforce shortages are compounded by structural issues. Around 39% of organizations said their contracts lack clear cybersecurity obligations for vendors, while 32% reported that non-IT staff do not fully understand supply chain risks.
These gaps weaken an organization’s overall security posture, particularly in environments where external partners play a critical role in operations.
Weak adoption of security measures
Globally, 85% of businesses acknowledged the need to strengthen their protection against supply chain risks. However, only 15% consider their current measures effective.
Adoption of basic safeguards remains inconsistent. Two-factor authentication is used by just 38% of organizations, while only 35% conduct regular cybersecurity assessments of contractors. This leaves many companies without continuous visibility into partner security practices.
Need for coordinated response
Kaspersky noted that organizations previously affected by attacks are more likely to adopt stronger security practices, including reviewing compliance standards and requesting penetration test results.
The company recommends a more coordinated approach, including managed security services, improved employee training, and stricter vendor evaluation processes. It also emphasizes the importance of embedding clear cybersecurity requirements into contracts and strengthening collaboration with partners.
