Since the beginning of the Digital Age, companies have been told that, to remain competitive, they had to go digital. Over the years, digital enterprises have demonstrated this competitive edge is real. They have also discovered another truth: The more connected an enterprise becomes the more cybersecurity risks they face. It’s a modern-day conundrum. Mark Graham, technical director of threat intelligence at Dragos, explains that one business area that exposes many attack surfaces is the supply chain. He explains, “As digital interdependence grows, so too does our exposure, often in ways that remain invisible until it is too late. Supply chain compromise is fast becoming a key attack vector for adversaries targeting operational technology. These threats are no longer limited to theoretical discussions or isolated cases. They are real, persistent, and growing in complexity.”[1]

The Wide Variety of Cyber Vulnerabilities

Supply chain risk managers would be delighted if they could focus on a single area of cybersecurity. Unfortunately, that is not the case. The threats are coming from all directions. Below are a few of the supply chain areas witnessing cyberattacks.

Operational Technologies. Graham’s particular focus is on operational technologies. He notes, “Many organizations believe they are isolated, only to discover accessible endpoints, unpatched vulnerabilities, and devices with little or no authentication. The supply chain only amplifies this risk.” Trying to button-up all those loose ends is more difficult than most people imagine. Jess Smith, leader of the Prevention and Protection team at Pacific Northwest National Laboratory, observes, “It used to be that physical systems, such as the devices that open valves or turn on or off transformers, were distinct from traditional computer systems. That is no longer the case. There is no longer a line between these functions, and anything that is digital could be vulnerable to being hacked. We need to be vigilant about every single device in these incredibly complex networks.”[2]

Logistics. The staff at Supply Chain 24/7 reports, “A new report from Everstream Analytics finds that cyberattacks targeting logistics companies are expected to double in 2026, following several years of sharp growth. The research tracks incidents affecting carriers, ports, 3PLs, and other logistics providers and shows attacks are up nearly 1,000% since 2021. … Everstream found that these attacks are becoming more coordinated and harder to contain. In many cases, the compromised systems weren’t owned by the affected company at all, but by a third-party provider, leaving shippers and carriers with little control over the situation.”[3]

Fraud and Theft. Journalist Dev Kundaliya reports, “Cyber-enabled fraud has become one of the most pervasive digital threats facing governments, businesses and individuals worldwide, according to Global Cybersecurity Outlook 2026 report by the World Economic Forum (WEF). The report warns that cybercrime is expanding at an unprecedented pace, fueled by advances in AI, fragmented global politics, and growing weaknesses in supply chains.”[4] He adds, “Chief executives now rank cyber-enabled fraud as their top digital risk, overtaking ransomware. By contrast, chief information security officers continue to focus on ransomware attacks and the fragility of supply chains.”

What Can Be Done?

Defending against cyberattacks is difficult. The WEF report notes, “The digital supply chain is highly interconnected, with dependencies within and across industries that are often not clearly mapped. A breach or disruption of one supplier can cascade through the entire ecosystem, affecting production, operations and even other suppliers or customers. This complexity makes it difficult to assess and manage cyber risk effectively. Attacks on widely used software or service providers can have global and systemic impacts.” The report adds, “Cyber risk is no longer a technical issue alone — it is a strategic, economic and societal concern that demands coordinated action across sectors and borders.” Enterprises around the world are asking, what can be done? Below are a few suggestions.

Collaborate. As the WEF report notes, today’s circumstances “demand coordinated action.” When that occurs, the report notes, “There are reasons for optimism.” It explains, “Organizations that embed resilience into leadership agendas, proactively manage supply chain and AI risks, and engage their broader ecosystems are better positioned to withstand shocks and adapt to uncertainty. … Building a secure digital future requires more than technical solutions. It calls for decisive leadership, shared accountability and a commitment to lifting the collective baseline — ensuring that resilience is accessible to all, not just the most well-resourced.”

Be Proactive. Hizmy Hassen, Chief Digital Officer at Apollo Tyres Ltd, asserts, “Complacency in supply chain cybersecurity could be your biggest risk.”[5] He explains, “No organization is too big or too well-resourced to be targeted. … Yet the latest State of Supply Chain Security report found that 94% of organizations are confident they could respond to a supply chain attack, and around a fifth believe they would not be affected if a key supplier was unable to operate for five days. Set against those case studies, too much confidence in cybersecurity looks less like resilience and more like wishful thinking.” Complacency can only be overcome through proactive programs. Hassen believes companies should start by “[mapping] out which partners are critical to which plants and customers, which systems are connected, and what data flows in each direction. If you model the impact of a key supplier being offline for a week, the single points of failure reveal themselves very quickly. This informs how you plan and rehearse your response with the most critical suppliers. Manufacturers should increase investment in independent external assessments of those partners, including targeted penetration tests and ‘white-hat’ exercises. At a time when cyber insurance premiums are rising, being able to evidence that kind of proactive testing can lead to more favorable conversations with insurers.”

Let AI Help. As noted at the beginning of this article, the benefits of artificial intelligence in supply chain operations have been clearly proven. At the same time, we have seen the first cyberattacks carried out by AI agents. When it comes to cybersecurity, companies must fight fire with fire. Paolo Dal Cin, global lead at Accenture Cybersecurity, notes, “The weaponization of AI, persistent geopolitical friction, and systemic supply chain risks are upending traditional cyber defenses. For C-suite leaders, the imperative is clear; they must pivot from traditional cyber protection to cyber defense powered by advanced and agentic AI to be resilient against AI-driven threat actors.”[6]

Concluding Thoughts

The WEF report on cybersecurity makes an interesting point. It states, “In 2026, geopolitics remains the top factor influencing overall cyber risk mitigation strategies. Some 64% of organizations are accounting for geopolitically motivated cyberattacks — such as disruption of critical infrastructure or espionage.” Many of those attacks originate in China, Russia, and Iran. Graham adds, “Threat actors are exploiting weaknesses in global supply chains. Whether motivated by financial gain, political objectives, or disruption, they are targeting the very systems we rely on to keep lights on, shelves stocked, and public services running.” The Supply Chain 24/7 staff bluntly states, “The message is clear. Cyber risk in logistics [or elsewhere in the supply chain] is no longer just an IT concern or a rare disruption. It’s becoming a regular supply chain challenge, and one that can move faster than weather events, labor issues, or equipment breakdowns.” Supply chains without a good cybersecurity program in place will remain vulnerable to disruption and collapse.

Footnotes

[1] Mark Graham, “Supply chains are the overlooked risk in industrial cybersecurity,” Computer Weekly, 17 November 2025.

[2] Pacific Northwest National Laboratory, “Scientists address risks to supply chain in a connected world,” EurekAlert!, 28 October 2024.

[3] Staff, “Cyberattacks on Logistics Are Set to Double in 2026, Report Finds,” Supply Chain 24/7, 12 January 2026.

[4] Dev Kundaliya, “Cyber fraud and geopolitics reshaping global threat landscape, warns WEF,” Computing, 13 January 2026.

[5] Hizmy Hassen, “Complacency in supply chain cybersecurity could be your biggest risk,” Computing, 11 December 2025.

[6] Emma Woollacott, “Supply chain and AI security in the spotlight for cyber leaders in 2026,” IT Pro, 13 January 2026.