Supply chain cybersecurity breaches have hit alarming percentage of firms: survey

97% of firms have been impacted by a cybersecurity breach in their supply chain, a study by BlueVoyant said

A new study says that the supply chain is a magnet for cyber breaches

A whopping 97% of firms have been impacted by a cybersecurity breach in their supply chain, a study by cybersecurity company BlueVoyant said.

And 93% admitted that they have suffered a direct cybersecurity breach because of weaknesses in their supply chain. 

"Breaches … are still staggeringly high," said Adam Bixler, global head of third-party cyber risk management at BlueVoyant, in a blog post.

"Focused attackers are continually scanning businesses for open vulnerabilities … and business trust relationships mean that if a supplier is affected, it could affect an ‘upstream’ connection," Bixler told FOX Business.

This is happening despite greater awareness of the risks and rising cybersecurity budgets to deal with them. But the complexity of the people, processes, and technologies needed to build a comprehensive defense against attacks means that money isn’t always spent effectively, Bixler said.

Additional findings include:

- Third-party supplier disconnect: 38% of respondents said that they had no way of knowing when or if an issue arises with a third-party supplier’s cybersecurity, up from 31% last year.

- Third-party cyberattack risk being taken more seriously: Only 13% of companies said that third-party cyber risk was not a priority, compared with 31% last year.

- Budgets up: 91% say that the budget for third-party cyber risk management is increasing in 2021.

The study was conducted by the independent research organization Opinion Matters and recorded the experiences of 1,200 IT executives in organizations with more than 1,000 employees across a range of industries in the U.S. and other countries.

This follows a study in September from CyberGRX, based on research done by Forrester Consulting, highlighting third-party risk. 

That study also said that organizations recognize third-party threats but fail to take adequate measures to mitigate them. 

"Today’s organizations constantly exchange confidential information with third parties," Forrester said. 

"This exposes both sides to significant cyber risk" including data loss and ransomware, Forrester said, adding that 95% of respondents said their organizations experienced a challenge in managing third-party risk. 

And as enterprises turn more to cloud and software-as-a-service (SaaS), the percentage of data shared with third parties is expected to ramp up over the next five years. 

Organizations that have experienced an incident also tend to share a higher percentage of their critical data (30%) than firms that haven’t been hit (22%), Forrester said. And firms that have experienced an incident are less likely to have tools in place to mitigate third-party cyber risks.