The cybersecurity landscape is rapidly shifting, and supply chains are at the forefront of this battle. BlueVoyant’s 2024 State of Supply Chain Defense report sheds light on the increasing attention companies are paying to third-party risk management (TPRM). Across sectors, businesses are moving beyond awareness to take concrete actions that address the complexities of modern cyber threats. From healthcare to finance, organizations are not only recognizing the importance of TPRM but investing actively in robust defenses.

The Shift to Proactive Defense in Supply Chain Security

For years, businesses have acknowledged the risks that come with third-party vendors. However, BlueVoyant’s report shows that companies are now prioritizing active defense over passive compliance. A survey of over 2,100 executives reveals a trend of meaningful investment in TPRM, marking a shift from traditional risk avoidance to strategic risk management. Instead of simply “checking the box” on cybersecurity compliance, these leaders are enhancing resilience by collaborating closely with vendors and adopting more hands-on approaches.

Key Findings of the BlueVoyant Report

The report reveals critical insights into the state of third-party cybersecurity:

  1. High Breach Incidence with Signs of Improvement: While breaches remain common, with 81% of organizations experiencing supply chain cyber incidents in the past year, the figure has decreased from 94% in 2023. This drop suggests that investment in TPRM may be yielding some early benefits, yet an average of 3.7 breaches per organization highlights the ongoing challenges.
  2. Increased Vendor Collaboration: In 2024, 36% of organizations are actively working with their vendors to address cybersecurity concerns, nearly doubling last year’s rate of 19%. This shift demonstrates that companies are increasingly viewing cybersecurity as a shared responsibility and are building partnerships to fortify their defense.
  3. Budget Allocations Reflecting Commitment: A striking 86% of surveyed businesses have increased their TPRM budgets, emphasizing that cybersecurity is a top priority. Companies are allocating more resources to improve visibility, develop detection tools, and automate monitoring processes.
  4. Limited Monitoring of Vendors: Despite these gains, gaps persist. Only 32% of third-party vendors are regularly monitored, underscoring the importance of automation and scalable solutions to address resource constraints and improve continuous monitoring.

Industry-Specific Cybersecurity Challenges

The findings also underscore how certain industries face distinct challenges:

  • Healthcare Under Siege: Healthcare and pharmaceutical sectors reported the highest breach rates, with 87% experiencing supply chain incidents. These sectors face unique difficulties, as over a third of organizations lack basic threat detection for third-party vendors, leaving them highly exposed to cyber risks.
  • Finance and Critical Infrastructure: Financial institutions and critical infrastructure sectors, which rely on intricate supply chains, have intensified efforts to secure third-party networks but still face persistent threats. Enhanced vendor collaboration in these industries is gradually helping to bridge security gaps.

Joel Molinoff, BlueVoyant’s global head of supply chain defense, noted, “While this progress brings many new challenges, it’s a big step forward compared to previous years, when many organizations barely tracked their third-party vendors or collaborated on cybersecurity issues.” His comment reflects a growing realization within organizations: proactive and collaborative approaches are essential to combating supply chain vulnerabilities.

Strategic Takeaways from the Report

BlueVoyant’s report outlines several trends that underscore the shift towards proactive third-party risk management:

  1. TPRM Budgets Reflect Priorities: Organizations are demonstrating their commitment by increasing TPRM budgets to enhance their defenses. This investment underscores the recognition that TPRM is crucial not only for compliance but also as a resilience asset in the face of growing cyber threats.
  2. Collaborative Cybersecurity Approaches: Increased vendor collaboration shows that companies recognize the interconnected nature of cyber threats. By partnering with vendors on cyber risk remediation, businesses are enhancing their collective security posture.
  3. Automation to Fill Monitoring Gaps: The persistent gap in vendor monitoring points to a pressing need for automation and advanced tools. Companies must continue to invest in these technologies to gain real-time visibility and manage third-party risks efficiently.
  4. Addressing Healthcare’s Unique Vulnerabilities: The high breach rates in healthcare highlight the sector’s urgent need for targeted cybersecurity improvements. From bolstering threat detection to strengthening vendor oversight, healthcare organizations must prioritize robust defenses to protect patient data and maintain trust.

Conclusion: The Path Forward for Supply Chain Cybersecurity

BlueVoyant’s findings indicate that businesses are increasingly ready to tackle the unique challenges of supply chain cybersecurity. In an era of interconnected global networks, having a resilient third-party risk management program is not just beneficial but essential. As organizations continue to refine their TPRM strategies, a focus on collaboration, automation, and robust monitoring will be paramount. With a proactive approach, businesses can transform third-party cybersecurity from a vulnerability into a core asset, safeguarding not only their operations but also the trust of their customers.