According to the latest research from leading cybersecurity company BlueVoyant, the cybersecurity breaches targeting supply chains within Australian organisations continue to intensify. In its milestone 'State of Supply Chain Defence: Annual Global Insights Report', released today, BlueVoyant revealed that the impact from supply chain cyber breaches surged by 17% this year. An average of 4.06 breaches were reported that negatively affected operations, marking an increase from the mean number of 3.48 breaches in 2022.
The study uncovers a mixed picture of Australia's readiness against supply chain cyber threats compared to other parts of the world. Surveyed Australians in 2023 regard supply chain cyber risk as a higher priority than respondents globally, registering 42% versus 31% respectively. Yet, strikingly, less than half of Australian respondents are monitoring their third parties regularly for cyber risks, lagging behind global behaviour (44% vs 47%).
The research also paints a contrasting picture of management attitudes to cyber risk. In Australia, senior management is more likely to be briefed monthly or more on supply chain cyber risk (51% compared to 44% overall). At the same time, Australian respondents are less likely to have received a budget increase, with only 73% compared to 85% globally. Interestingly, of those forecasting a forthcoming budget increase, the motivation appeared to stem directly from the experience of recent breaches. This cause was reported by 68% when regarding improved internal resources and 56% with respect to augmented external resources.
The aftermath of recent breaches also had an effect on corporate governance, leading to escalated scrutiny and oversight from the board over supply chain security. This was experienced by 47% of Australian respondents, compared to 39% overall. The heightened attention is not surprising considering the number of high-profile breaches via third parties reported in Australia.
The study highlighted some encouraging areas. For instance, Australian participants were less likely to claim ignorance of third party issues (24% vs 26% overall). The use of automation as a tool for managing third-party cyber risks was more popular among Australian businesses, with 77% adopting it versus a global 73%. There was also a proactive approach to remediation - respondents were more likely to collaborate with third parties all through the process of resolving issues with 36% taking this approach, compared to 19% across the world.
Joel Molinoff, BlueVoyant's Global Head of Supply Chain Defense, indicates a trend of increasing vulnerability across businesses, stating that “Our data suggests that the scope of the problem is increasing, with more enterprise vendors and suppliers falling prey to cyber attacks. Enterprises recognise the issue but the standard approach to third-party risk management is proving inadequate."
Offering a word of advice, Brendan Conlon, chief operating officer for BlueVoyant’s Supply Chain Defence, said that “With a never-ending flow of headlines and regulatory requirements demanding attention to supply chain cyber risk, it is hard to ignore the importance of getting the proper defences in place. Enterprises should examine their current approaches and identify areas for greater efficiency and continuous coverage.”