Businesses are more reliant than ever on vast supply chains to operate efficiently. However, this interdependence has also made supply chains a prime target for cybercriminals.
Between 2021 and 2023, supply chain attacks surged by a staggering 431%, and projections indicate this number will continue to rise dramatically by 2025, according to a new cyber risk report by Cowbell.
Supply chain cyber attacks exploit the implicit trust between businesses and their vendors, leveraging a single vulnerable link to infiltrate multiple organizations. Rajeev Gupta, co-founder of Cowbell, said several issues are contributing to the explosion of these attacks.
“Rapid digitization, rising complexity in supply chain networks, and the lure of high-value information accessible from one entry point are all contributing factors,” Gupta told Insurance Business. “Moreover, many organizations struggle to maintain full visibility and control over third-party security practices, creating additional gaps that cybercriminals are quick to capitalize on.
“To mitigate these risks, businesses must adopt robust third-party risk assessments, strengthen vendor oversight, and maintain continuous security monitoring.”
According to Cowbell’s cyber roundup report, businesses with revenues exceeding $50 million are two-and-a-half times more likely to face cyber incidents. The cyber insurance provider based its findings on more than 46 million small to medium enterprises (SMEs) in the US, UK and Japan.
The manufacturing sector emerged as the most at-risk, with cyber risk scores 11.7% below the global average. The sector’s exposure is primarily driven by a reliance on automation and the sensitivity of its intellectual property.
Public administration and educational services also face elevated risks, particularly from ransomware attacks, with a 70% increase in attacks on educational institutions over the past year, according to the report.
When it comes to regional differences, Gupta noted that each market presents its own regulatory environment, cultural nuances, and business practices, all of which could influence cybersecurity strategies. Factors such as local data protection laws, industry-specific mandates, and organizational awareness can also shift businesses’ exposures.
As for entry points for cyber attackers, Gupta revealed a stark trend in their data. “Interestingly, we also found that businesses using Google Cloud reported a 28% lower frequency and severity of cyber incidents compared to other cloud service providers, while Microsoft Azure showed the highest severity of breaches,” he said.
This shows that businesses must evaluate how their choice of cloud provider impacts their overall cyber risk profile.
The Cowbell report highlighted five critical technology categories that carry substantial cyber risk: operating systems, content management tools, virtualization platforms, server-side technologies, and business applications.
“Their ubiquity and complexity make them attractive targets for threat actors, and breaches in any of these layers can have a wide-ranging impact,” Gupta said.
He said that among these categories, operating systems pose the greatest immediate threat because they form the foundational layer of an organization’s entire IT infrastructure. “A compromised operating system grants attackers system-wide privileges, enabling lateral movement and the potential for severe data breaches,” Gupta said.
Content management tools are often targeted due to their role in storing and distributing sensitive business information. Cybercriminals also exploit vulnerabilities in virtualization software to gain control over entire server environments.
Server-side technologies are vulnerable because breaches in backend infrastructure can lead to data leaks and widespread disruptions. Finally, attackers frequently exploit widely used business applications or enterprise software to infiltrate organizations.
Business leaders, even those without extensive technical expertise, can take meaningful steps to enhance their organizations’ cyber resilience.
Gupta shared five strategies:
“To stay ahead, organizations must bolster defences through proactive strategies, enhanced training, and continual adaptation,” he said.