Islamabad: Supply chain attacks have emerged as a leading cybersecurity threat for businesses worldwide, with one in three organizations reporting incidents over the past year, according to a new study by Kaspersky.
The report highlights growing vulnerabilities in vendor and partner networks, warning that limited cybersecurity resources and competing priorities are leaving organizations exposed. Nearly 42% of respondents cited a shortage of qualified IT security professionals and the need to manage multiple security tasks as key challenges in addressing these risks.

The findings indicate that many companies lack the capacity to effectively monitor third-party risks, increasing the likelihood of breaches through trusted relationships. This has made supply chain security a critical concern for organizations operating in interconnected digital environments.
Workforce gaps and structural challenges
According to the survey, workforce limitations remain a major barrier to improving cybersecurity defenses. Security teams are often overstretched, forcing them to prioritize immediate threats over long-term resilience strategies.
In addition, 39% of respondents said their contracts do not clearly define IT security obligations for contractors, while 32% reported that non-IT staff lack awareness of supply chain risks. These structural gaps further weaken organizational defenses against increasingly sophisticated cyber threats.
Gaps in protection measures
Globally, 85% of businesses acknowledged the need to strengthen their protection against supply chain and trusted relationship risks. However, only 15% believe their current security measures are effective.
The study also found that existing mitigation practices remain inconsistent. No single protective measure is used by more than 40% of organizations. Two-factor authentication, one of the most common safeguards, is implemented by just 38% of respondents, while only 35% conduct regular cybersecurity reviews of contractors.
As a result, many organizations lack continuous visibility into the security posture of their partners, leaving them vulnerable to evolving risks across their ecosystems.
Response and recommendations
Kaspersky noted that companies previously affected by such attacks tend to adopt stronger security practices, including requesting penetration test results and ensuring compliance with industry standards.
Sergey Soldatov, Head of Security Operations Center at Kaspersky, said organizations need more unified and consistent mitigation strategies, including standardized contractor assessments and improved cross-team awareness.
The company recommends adopting managed security services, enhancing employee cybersecurity training, and conducting thorough evaluations of suppliers. It also advises including clear security requirements in contracts and strengthening collaboration with partners to reduce risks.
