
Supply Chain

Cybersecurity statistics about supply chain


63% of healthcare practices do not continuously monitor their digital supply chains.

Omega Systems, 6/28/2026
Healthcare

64 European organisations were drawn into a ransomware or data extortion incident through a third party.

Black Kite, 6/28/2026
Third-Party Risk, Ransomware

Among organizations with confirmed AI-related security incidents, Shadow AI contributed to 44% of incidents, data or model poisoning 41%, improper output handling 41%, supply chain vulnerabilities 35%, and prompt injection 34%.

Cobalt, 6/28/2026
AI Security, Attack Vectors

36% of security and IT leaders identify third-party vendor or supply chain breaches involving integrated AI or agents as security incidents tied to AI systems.

ExtraHop, 6/28/2026
AI Security

53% of the organisations drawn into third-party ransomware or data extortion incidents traced to a single event: the August 2025 compromise of Miljödata.

Black Kite, 6/28/2026
Third-Party Risk, Ransomware

16% of security professionals say supply chain and third-party risk is the boardroom cyber priority boards ask about most.

Filigran, 6/20/2026
Boardroom Risk, Third-Party Risk

38% of organizations in MEA report reliance on third-party ecosystems and vendors, increasing supply-chain blind spots.

Veeam, 6/20/2026
Third-Party Risk, Middle East

41% of cybersecurity professionals identify AI-powered attacks at scale as their biggest security concern, compared with 21% citing supply chain risk and 21% citing unknown threats.

Filigran, 6/20/2026
AI Threats, AI-Powered Attacks

70% of security leaders say their organizations apply risk controls only to key suppliers.

CSC, 6/20/2026
Third-Party Risk

The Axios NPM package was downloaded 100 million times per week.

CrowdStrike, 6/15/2026
Open Source, Software Distribution

Malware operators compromised 350 GitHub repositories to inject malicious code into JavaScript and Python projects.

CrowdStrike, 6/15/2026
Open Source, Software Security

72% of organizations are structurally incapable of auditing embedded AI Software Development Kits (SDKs) hidden inside everyday mobile applications.

Lookout, 6/15/2026
Mobile Security

PRESSURE CHOLLIMA conducted the largest financial theft ever reported: $1.46 billion in cryptocurrency via a trojanized supply chain compromise.

CrowdStrike, 5/27/2026
Cryptocurrency, Financial Theft

Over 100 advertised leaks and ransomware breaches targeted the automotive supply chain on the dark web in Q4 2025.

PCA Cyber Security, 5/27/2026
Automotive Cybersecurity, Dark Web

More than 48,000 CVEs were published in 2025, an 18% increase year-over-year.

Black Kite, 5/27/2026
Vulnerabilities, Cybersecurity

Of the 48,000+ CVEs published in 2025, only 58 represented a genuine, discoverable, and exploitable threat to enterprise supply chains.

Black Kite, 5/27/2026
Vulnerabilities, Cybersecurity

Third-party involvement occurs in 30% of financial-sector breaches.

Filigran, 5/27/2026
Third-Party Risk, Financial Sector

In 2025, 92% of npm account takeovers occur.

Endor Labs, 5/27/2026
Open Source, Account Takeover

Every breached vendor now compromises an average of 5.28 downstream companies.

Black Kite, 5/27/2026
Third-Party Risk

An estimated 26,000 shadow victims remain impacted by vendor breach cascades but are never officially named.

Black Kite, 5/27/2026
Third-Party Risk, Shadow Victims