A recent study by cybersecurity company Kaspersky has identified supply chain attacks as one of the most pressing threats facing businesses today, with findings showing that one in three organisations experienced such incidents over the past year. The report highlights growing concerns among enterprises as they struggle to manage increasingly complex digital ecosystems and dependencies on third-party vendors.
The research points to a combination of workforce challenges and competing security priorities as key contributors to the rising risk. Around 42 percent of respondents cited a shortage of qualified IT security professionals as a major barrier, while a similar proportion indicated that organisations are forced to juggle multiple cybersecurity tasks at once. This strain on resources often leads to gaps in oversight, particularly in areas related to supply chain and trusted relationship risks. As security teams are spread thin, critical vulnerabilities linked to external partners may go unaddressed, increasing the likelihood of breaches.
Beyond staffing and resource issues, the study also highlights structural weaknesses within organisations. Approximately 39 percent of respondents reported that their contracts with vendors and contractors lack clearly defined IT security obligations, making it difficult to enforce consistent protection standards. Additionally, 32 percent noted that employees outside of IT security roles do not fully understand the risks associated with supply chain threats, which can further complicate mitigation efforts. These internal gaps create an environment where vulnerabilities can persist unnoticed, especially when coordination across departments is limited.
On a broader scale, the findings reveal that many organisations recognise the need for stronger defences but have yet to implement effective measures. About 85 percent of businesses acknowledged that their current protection against supply chain and trusted relationship risks requires improvement, while only 15 percent believe their existing security frameworks are sufficient. Despite this awareness, the adoption of mitigation practices remains inconsistent. No single protective measure has been adopted by more than 40 percent of respondents, indicating a fragmented approach to cybersecurity. Even widely recommended safeguards such as two-factor authentication are used by just 38 percent of organisations, while only 35 percent conduct regular assessments of their contractors’ cybersecurity posture. As a result, a significant number of businesses lack continuous visibility into the security practices of their partners, leaving them exposed to evolving threats across interconnected systems.
The study also observed that organisations which have already experienced supply chain or trusted relationship attacks tend to adopt more robust security practices afterward. Companies affected by supply chain incidents are more likely to request penetration testing results from vendors, with 56 percent prioritising this measure. Similarly, businesses impacted by breaches involving trusted relationships show increased focus on verifying compliance with industry standards and evaluating contractors’ own supply chain policies, with both areas receiving attention from more than half of respondents. This pattern suggests that direct experience with cyber incidents often drives stronger security awareness and more proactive risk management strategies among enterprises.