Critical Industries’ Supply Chains Increasingly Susceptible to Cyber Attacks
Recent research has exposed serious supply chain threats affecting critical industries, raising urgent concerns for cybersecurity across essential sectors. A study by DNV Cyber found that only about half of professionals in critical infrastructure believe their organizations fully understand the security vulnerabilities within their supply chains. This limited visibility heightens the risk of cyber threats exploiting these weaknesses.
Managed service providers (MSPs) have long been aware of the heightened risk they face from cybercriminals aiming to breach larger targets through the supply chain. However, the DNV Cyber study indicates that a substantial number of customers may not fully recognize the risks associated with their chosen partners. Notably, industries deemed critical to societal functions exhibit a concerning lack of awareness regarding the security postures of their supply chains.
The research further uncovers that slightly more than a third of respondents believe that cybercriminals may have already infiltrated their supply chains, with suppliers potentially failing to disclose such breaches. This suspicion underscores the necessity for enhanced transparency and communication between organizations and their suppliers to promptly identify and address security incidents.
Auke Huistra, director of industrial and operational technology cybersecurity at DNV Cyber, emphasizes the importance for suppliers to anticipate and prepare for inquiries from informed customers regarding their security credentials. Huistra advises suppliers to be ready to demonstrate their cybersecurity measures and compliance with industry standards to maintain trust and business relationships.
The escalating complexity of supply chains contributes to a more opaque and unpredictable risk landscape. As organizations increasingly rely on third-party vendors and services, they inadvertently expand their attack surface, making it imperative to assess and manage the security practices of all partners involved.
This concern is not isolated. The World Economic Forum’s 2025 Global Cybersecurity Outlook highlights that escalating geopolitical tensions are leading to increased cyberattacks from nation-state actors and criminal gangs. The report points out that the intricate nature of modern supply chains adds layers of complexity to cybersecurity efforts, making it challenging for organizations to maintain comprehensive oversight.
The healthcare and financial services sectors have emerged as primary targets for third-party breaches, including supply chain attacks. A report by Black Kite indicates that 35% of observed attacks targeted healthcare organizations, while 16% affected financial services. These statistics highlight the critical need for robust supply chain security measures in sectors handling sensitive information.
The UK’s National Cyber Security Centre (NCSC) has also raised concerns about the nation’s preparedness against cyber threats from hostile states and organized crime groups. Richard Horne, head of the NCSC, notes a significant increase in severe cyber incidents, emphasizing the need for both public and private sectors to bolster their defenses to stay ahead of adversaries.
The rise in supply chain attacks has prompted discussions about the role of managed service providers in mitigating risks. Experts suggest that MSPs should implement stringent security protocols and conduct regular assessments to ensure they do not become conduits for cyber threats targeting their clients.
In light of these findings, organizations are encouraged to adopt a proactive approach to supply chain security. This includes conducting thorough due diligence when selecting suppliers, continuously monitoring for potential vulnerabilities, and fostering open communication channels to swiftly address any security concerns that arise.
As cyber threats continue to evolve, the imperative for critical industries to fortify their supply chains against potential attacks becomes increasingly clear. By enhancing visibility, fostering collaboration, and implementing robust security measures, organizations can better protect themselves and the essential services they provide to society.
