
Jan 20, 2026
Stephen DeAngelis
There are myriad disruptive threats that keep supply chain risk managers up at night. Singling out one risk, like cybersecurity, fails to capture the breadth of the challenge. Nevertheless, addressing risks individually is a prudent approach to tackling them. A series of surveys conducted by AXA over the past few years captures the top risks on the minds of risk managers. The Visual Capitalist took those survey results and created a very interesting infographic that depicts the top ten challenges derived from the AXA surveys. Holding steady as the top three global risks over the past few years are climate change, geopolitical instability, and cybersecurity. As supply chains become more digital, the staff at SupplyChainBrain believes that cybersecurity may become the “defining risk of the decade.”[1]
The SupplyChainBrain staff draws that conclusion from a survey conducted by DHL Supply Chain. They report, “According to a survey of 350 supply chain executives from DHL Supply Chain, cybersecurity was flagged by 56% as a top operating concern, particularly as hackers have become more sophisticated and persistent. Another 47% of respondents said that their chief concerns relate to outdated systems and software, while 49% pointed to inadequate technology solutions. When asked what they believed would be the most prominent external force impacting their businesses by 2030, 70% flagged cybersecurity threats — the most of any category.”
Cybersecurity Threats
Akhilesh Tuteja, a Global Cyber Security Leader at KPMG, reports, “Increasing reliance on complex supply chains is leading to a more uncertain and unpredictable cybersecurity landscape. … In its Global Cybersecurity Outlook 2025, the World Economic Forum identifies supply chain interdependencies as a leading factor in the increasing complexity of cyberspace in 2025. Named the top ecosystem cyber risk, supply chain vulnerabilities are the primary barrier to cyber resilience for 54% of large organizations.”[2] Tuteja goes on to explain that five core factors account for the complexity and risk arising from supply chain interdependencies. They are:
1. Cyber inequity. “Ecosystem resilience is often determined by its weakest link. The Forum's report highlights that while large organizations have recorded an increase in cyber resilience over 2024, smaller organizations continue to bear the weight of inequity, with 35% stating insufficient cyber resilience.”
2. Limited visibility on supply chains. “As supply chains expand, organizations find it increasingly difficult to maintain complete oversight of their suppliers’ security maturity. The growing attack surface and system interdependencies amplify the scope for potential attacks and damage.”
3. Software vulnerabilities introduced by third parties. “In today's interconnected cybersecurity landscape, the complexities of software supply chain interdependencies are significant. As supply chains expand, new entities often introduce vulnerabilities, especially when third-party compliance is challenging to verify or when open-source code is used.”
4. Dependence on critical providers. “The reliance on a limited number of critical providers introduces systemic points of failure within supply chains. Vulnerabilities in these providers can impact not only their direct customers but also the thousands of organizations and subsequent supply chains that depend on them. Cloud providers exemplify this risk, as their dominance means any disruption can cascade across numerous supply chains and ecosystems.”
5. Geopolitical impact on supply chains. “Cyber risks are increasingly influenced by geopolitical factors, with attacks often crossing national boundaries. The Forum’s report found that nearly 60% of organizations' cyber strategies are influenced by geopolitical tensions, with 16% changing vendors.”
When Tuteja writes about the growing attack surface and system interdependencies that amplify the scope for potential attacks and damage, he is spot on. Bloomberg journalists report on one such example. They write, “Hackers are infiltrating trucking and freight companies in a scheme to steal and sell cargo shipments, a growing campaign that could end up costing companies and consumers billions of dollars, according to new cybersecurity research. … Such crimes can create massive disruptions to supply chains and cost companies billions, with criminals stealing everything from energy drinks to electronics.”[3] As supply chains become more connected and digital, the line between physical disruptions and cyber disruptions is blurring.
Jess Smith, a Senior Cybersecurity Researcher at the Pacific Northwest National Laboratory, explains, “It used to be that physical systems … were distinct from traditional computer systems. That is no longer the case. There is no longer a line between these functions, and anything that is digital could be vulnerable to being hacked. We need to be vigilant about every single device in these incredibly complex networks.”[4]
Meeting the Challenge
There is virtually a 100% chance that any particular supply chain will eventually experience some kind of cyberattack. Keri Pearlson, a research scientist at the MIT Sloan School of Management, explains, “It’s impossible to be completely protected from every vulnerability. That’s because the good guys must protect against every possible vulnerability, while the bad guys only need one small crack in a company’s armor to get in.”[5] The inevitability of cyberattacks motivated Apu Pavithran, Chief Executive Officer and founder of Hexnode, to write, “Among all the threats facing global supply chains today, the issue of greatest concern lies within the very heart of the system: a lack of effective cybersecurity measures.”[6]
As frightening as that thought is, it doesn’t mean defenses aren’t available to counter those attacks. Pavithran explains, “The good news is that we're not powerless against these threats. By implementing a multi-pronged approach, organizations can significantly bolster their supply chain security posture. They need to conduct a thorough risk assessment to identify potential vulnerabilities across the supply chain. This includes evaluating the security practices of vendors, partners, and third-party service providers.” There are numerous articles explaining best practices and lots of vendors willing to help companies bolster their cyber defenses. Taking advantage of them is a wise course. The National Institute of Standards and Technology (NIST) offers some steps to help decrease risks.[7] They include:
1. Developing defenses based on the principle that your systems will be breached. “When one starts from the premise that a breach is inevitable, it changes the decision matrix on next steps. The question becomes not just how to prevent a breach, but how to mitigate an attacker’s ability to exploit the information they have accessed and how to recover from the breach.”
2. Accepting that cybersecurity is never just a technology problem, it’s a people, processes and knowledge problem. “Breaches tend to be less about a technology failure and more about human error. IT security systems won’t secure critical information and intellectual property unless employees throughout the supply chain use secure cybersecurity practices.”
3. Understanding that security is security. “There should be no gap between physical and cybersecurity. Sometimes the bad guys exploit lapses in physical security in order to launch a cyberattack. By the same token, an attacker looking for ways into a physical location might exploit cyber vulnerabilities to get access.”
Concluding Thoughts
Pavithran observes, “Supply chains today are experiencing the transformative impact of digitization. Digital tools such as cloud platforms and data analytics enable instantaneous visibility throughout the network. But while the digital revolution has undoubtedly streamlined supply chain operations, it has also opened up new avenues for cybercriminals.” That’s why Tuteja insists, “Organizations must proactively tackle the complexities and risks stemming from supply chain interdependencies. In an era of growing cyber risks, prioritizing visibility on supply chains will ensure organizations are better positioned to safeguard their digital infrastructure and protect digital assets through improved capabilities such as threat detection and incident response. A proactive approach is crucial to managing complexity in cyberspace.” It’s never too late to bolster your cyber defenses.
Footnotes
[1] Staff, “Supply Chain Leaders See Cybersecurity as Defining Risk of Decade,” SupplyChainBrain, 12 November 2025.
[2] Akhilesh Tuteja, “5 risk factors from supply chain interdependencies in a complex cybersecurity landscape,” World Economic Forum, 31 January 2025.
[3] Bloomberg, “Hackers and Crime Rings Are Teaming Up to Steal Cargo, Cyber Firm Says,” SupplyChainBrain, 3 November 2025.
[4] Pacific Northwest National Laboratory Press Release, “Scientists address risks to supply chain in a connected world,” EurekAlert!, 28 October 2024.
[5] Keri Pearlson, “When Cyberattacks Are Inevitable, Focus on Cyber Resilience,” Harvard Business Review, 18 July 2024.
[6] Apu Pavithran, “Supply Chains Under Siege: What Organizations Should Know,” SupplyChainBrain, 5 June 2024.
[7] Staff, “Best Practices in Cybersecurity Supply Chain Risk Management,” National Institute of Standards and Technology, August 2024.
