Supply Chain Attacks Rise as Leading Cyber Threat for Global Businesses
Supply chain attacks have rapidly emerged as the most widespread cybersecurity threat facing businesses today, with nearly one in three companies affected over the past year, according to new research commissioned by Kaspersky.
The report underscores growing vulnerabilities across the Asia-Pacific region, where attack rates exceed global averages in several key markets. China stands out, with approximately 40% of enterprises reporting supply chain breaches significantly higher than the global average of 31%. Vietnam and Singapore also recorded elevated levels of incidents.
These findings align with concerns from the World Economic Forum, which revealed that 65% of large organisations consider third-party and supply chain risks to be the biggest obstacle to achieving cyber resilience.
Large enterprises are particularly exposed. Companies managing vast ecosystems of suppliers often around 100 and granting access to over 130 contractors significantly expand their attack surface. This creates more opportunities for cybercriminals to exploit trusted relationships within business networks.
So-called “trusted relationship attacks” have impacted 25% of organisations globally. In Asia-Pacific, Singapore has emerged as a key hotspot, with one in three businesses reporting such incidents.
Despite the growing scale of the threat, supply chain risks remain under-prioritised. Only 9% of organisations identified supply chain attacks as their top cybersecurity concern, while just 8% said the same for trusted relationship threats.
Instead, many businesses continue to focus on high-profile threats such as ransomware and advanced persistent attacks even though these occur less frequently. This mismatch highlights a critical gap between perceived risk and actual exposure.
Kaspersky warns that as digital ecosystems expand, cyber risks will continue to grow in parallel. Increasing interconnectivity between organisations, vendors and partners is creating a more complex and fragile security landscape.
To address this, the company is urging businesses to adopt a more holistic approach to cybersecurity one that extends beyond internal systems to include the entire supply chain ecosystem.
Recommended measures include stricter supplier vetting processes, implementation of zero trust security frameworks, continuous monitoring of third party access and well defined incident response strategies.
