Kaspersky’s new global study, “Supply chain reaction: securing the global digital ecosystem in an age of interdependence”, has identified the lack of qualified IT security professionals and the need to properly prioritize cybersecurity tasks as two of the main factors that hinder the mitigation of risks associated with the supply chain and trust relationships. Both factors were cited by nearly half (42%) of those surveyed in Spain.

According to Kaspersky’s study on supply chain risks and trust relationships, cyberattacks of this kind have become one of the main threats to companies: one in three organizations has suffered such an incident in the last year. The frequency and severity of supply chain attacks make it necessary to identify the factors that prevent companies from managing them effectively.

Lack of talent and fragmented priorities

One of the main obstacles to reducing supply chain risks is the shortage of qualified cybersecurity professionals. This shortage limits organizations’ ability to continually monitor third-party vulnerabilities within their ecosystems and supply chain. The need for specialists in this field is especially high in countries such as Spain, Vietnam, the United Arab Emirates and Mexico.

Another relevant challenge is the need to manage multiple cybersecurity priorities at the same time, which causes teams to be overloaded and certain threats, such as those related to the supply chain, to be left unattended. This factor is especially notable among respondents from India, Vietnam, Singapore and Egypt.

Structural problems in supplier management

Beyond the lack of resources, organizations also face structural problems that directly affect supply chain security. Some 39% of respondents say that their contracts with suppliers do not include clear cybersecurity obligations, a situation especially visible in countries such as Vietnam, Turkey, Spain and Mexico. In addition, 32% acknowledge that staff who are not IT security specialists do not fully understand the risks associated with the supply chain.

Globally, 85% of companies admit that they need to improve their protection measures against supply chain risks, while only 15% consider their current controls to be truly effective. This level of confidence is even lower in key economies such as Germany (6%), Turkey (7%), Italy (8%), Brazil (8%), Russia (8%) and Saudi Arabia (9%).

Protection practices still insufficient

The study also reveals that current measures to mitigate third-party risks in the supply chain remain fragmented. No practice exceeds 40% adoption among organizations. Even the most widespread measure, two-factor authentication, is only used by 38% of respondents.

Likewise, only 35% of companies conduct regular reviews of their suppliers’ cybersecurity posture within the supply chain. As a result, nearly two-thirds of organizations lack continuous visibility into their partners’ security, increasing their exposure to vulnerabilities throughout the supply chain.

The report also shows that companies that have already suffered these types of cyberattacks tend to adopt more advanced measures. For example, those affected by supply chain incidents are more likely to request penetration test results (56%), while victims of attacks based on trust relationships prioritize verifying compliance with industry standards (56%) and their suppliers’ security policies (53%).

“When security teams are overburdened, understaffed, and forced to prioritize urgent tasks against long-term resilience goals, organizations are exposed to threats that can silently spread throughout their supplier ecosystem and supply chain. Breaking this cycle requires more unified and consistent mitigation strategies, from standardized supplier assessments to increased awareness across teams. Supply chain security must become a shared and enforceable responsibility across the entire enterprise network,” says Sergey Soldatov, head of the Security Operations Center at Kaspersky.

Only by implementing preventive measures at the organizational level and taking a strategic approach to managing suppliers and contractors will it be possible to reduce risks in the supply chain and ensure business resilience, according to Kaspersky, which prepared the report.

Kaspersky recommendations

To mitigate risks in the supply chain, Kaspersky recommends:

  • Adopt managed security services, such as Kaspersky Managed Detection and Response (MDR) or Incident Response, especially in organizations without sufficient internal resources.
  • Invest in cybersecurity training for employees, through programs such as Kaspersky Cybersecurity Training.
  • Thoroughly evaluate suppliers before establishing agreements, reviewing their security policies, incident history and regulatory compliance within the supply chain.
  • Include specific cybersecurity requirements in contracts with suppliers, such as periodic audits or incident notification protocols that reinforce supply chain security.
  • Work closely with suppliers on security to strengthen joint protection throughout the supply chain.