Kaspersky report flags supply chain attacks as growing risk for businesses

Islamabad: Supply chain attacks are emerging as a significant risk for organizations, with a new report by Kaspersky showing that one in three businesses experienced such incidents in the past year.

The findings point to increasing vulnerabilities in third-party networks, where attackers exploit trusted relationships to gain access to systems. Experts say the issue is being intensified by limited cybersecurity resources and fragmented risk management strategies.

According to the study, 42% of organizations cite a lack of skilled cybersecurity professionals as a major barrier to addressing supply chain risks. At the same time, security teams are often required to manage multiple priorities, reducing their ability to focus on long-term protection.

Gaps in policies and awareness

The report also highlights weaknesses in governance and awareness. Nearly 39% of respondents said vendor contracts lack clear cybersecurity requirements, while 32% indicated that employees outside IT departments have limited understanding of these risks.

Such gaps increase exposure to attacks that can move through partner networks without immediate detection.

Limited visibility into third-party risks

Most organizations acknowledge the need for stronger defenses, with 85% saying they must improve protection against supply chain threats. However, only a small proportion believe their current systems are effective.

Security practices remain uneven, with fewer than 40% of organizations adopting common measures such as two-factor authentication. Regular security reviews of contractors are also limited, reducing visibility into potential vulnerabilities.

Strengthening resilience

Kaspersky said companies that have experienced attacks tend to adopt stricter security controls, including compliance checks and risk assessments.

The report recommends strengthening third-party risk management through continuous monitoring, employee training, and the use of managed security services. It also calls for clearer contractual obligations and greater coordination across business networks to reduce exposure.
