Supply Chain
Cybersecurity statistics about supply chain
63% of healthcare practices do not continuously monitor their digital supply chains.
64 European organisations were drawn into a ransomware or data extortion incident through a third party.
Among organizations with confirmed AI-related security incidents, Shadow AI contributed to 44% of incidents, data or model poisoning 41%, improper output handling 41%, supply chain vulnerabilities 35%, and prompt injection 34%.
36% of security and IT leaders identify third-party vendor or supply chain breaches involving integrated AI or agents as security incidents tied to AI systems.
53% of the organisations drawn into third-party ransomware or data extortion incidents traced to a single event: the August 2025 compromise of Miljödata.
16% of security professionals say supply chain and third-party risk is the boardroom cyber priority boards ask about most.
38% of organizations in MEA report reliance on third-party ecosystems and vendors, increasing supply-chain blind spots.
41% of cybersecurity professionals identify AI-powered attacks at scale as their biggest security concern, compared with 21% citing supply chain risk and 21% citing unknown threats.
70% of security leaders say their organizations apply risk controls only to key suppliers.
The Axios NPM package was downloaded 100 million times per week.
Malware operators compromised 350 GitHub repositories to inject malicious code into JavaScript and Python projects.
72% of organizations are structurally incapable of auditing embedded AI Software Development Kits (SDKs) hidden inside everyday mobile applications.
PRESSURE CHOLLIMA conducted the largest financial theft ever reported: $1.46 billion in cryptocurrency via a trojanized supply chain compromise.
Over 100 advertised leaks and ransomware breaches targeted the automotive supply chain on the dark web in Q4 2025.
More than 48,000 CVEs were published in 2025, an 18% increase year-over-year.
Of the 48,000+ CVEs published in 2025, only 58 represented a genuine, discoverable, and exploitable threat to enterprise supply chains.
Third-party involvement occurs in 30% of financial-sector breaches.
In 2025, 92% of npm account takeovers occur.
Every breached vendor now compromises an average of 5.28 downstream companies.
An estimated 26,000 shadow victims remain impacted by vendor breach cascades but are never officially named.