Lorenzo Grillo, Managing Director and Sami Dhifi, Director at Alvarez & Marsal, examine the road ahead for cybersecurity teams protecting the supply chain.

Companies around the world are emerging from a difficult year for supply chains. As 2025 continues, they must equip themselves with up-to-date knowledge on challenges, trends and innovations to formulate the best strategies to handle increased vulnerabilities. 

This is particularly true of supply-chain cybersecurity, which focuses on securing the entire chain of suppliers and service providers that support an organisation’s operations. 

From geopolitical tensions to ransomware and artificial intelligence (AI)-driven threats, several factors are likely to affect supply chains this year. The concept of managing supply chain cybersecurity is not new. However, the increasingly rapid shift towards digitalisation and interconnected systems has created new vulnerabilities. Increasingly, criminal organisations and state-sponsored actors are moving to exploit these weaknesses. Their targets range from corporations to critical infrastructure, for reasons ranging from financial gain to political objectives. Regardless of the motivation, the results are often regional and global supply chain disruptions. 

The impact of a cybersecurity failure affecting a vendor, partner, or service provider can be disastrous for a company, an entire sector, or even a nation.

Financial Impact and Cascading Effects

NIST’s Cybersecurity Supply Chain Risk Management (C-SCRM) defines supply chain cybersecurity risk as “the potential for harm or compromise that may arise from suppliers, their supply chains, their products, or their services.” Securing a company’s supply chain from a cybersecurity perspective is addressed by international standards and regulatory frameworks such as ISO 27001, NIST CSF, and NIS 2.

In the past few years, cyberattacks have severely impacted supply chains across various industries, a trend that we expect will continue in 2025. Ransomware attacks have compromised supply chain automation solutions, affecting inventory management, order processing and logistics systems. Significant hacking events have frozen critical resource distribution, prompting regulatory action to enhance cybersecurity measures for critical infrastructure. 

It is not only businesses that are affected by such incidents. Cyberattacks in the logistics industry have disrupted global trade routes, increasing transportation costs and creating supply chain bottlenecks. In cases of severe impact, the disruption of supply chains and business operations can even affect economic stability, highlighting the potential for hackers to exert significant influence on the real economy.

What to Expect in 2025

As we enter 2025, several geopolitical and technological trends are poised to shape the cybersecurity landscape. Here are some of our key predictions:

Geopolitical tensions and digital sovereignty

Governments will increasingly prioritise control over their digital borders. Cyber conflicts will continue to escalate, with major supply chain actors in sectors such as energy, transportation, and technology remaining prime targets.

Continued focus on ransomware and extortion

Both state-sponsored and independent hackers will likely target private sector entities for financial gain. Vendors and contractors will remain vulnerable entry points, enabling attackers to exploit trusted relationships to compromise downstream organisations.

Increased attacks on Operational Technology (OT)

Cyberattacks on machinery and robotics in industries relying on OT could severely disrupt production and service delivery, directly impacting supply chain resilience.

AI-Driven Threats

The commoditisation of AI may lead to malicious use of the technology by some attackers. At the same time, the process of companies adopting new technologies may create unintended consequences. In some cases, these consequences might end up exacerbating supply chain vulnerabilities.

Addressing Supply-Chain Cybersecurity Resilience Challenges

Securing supply chains from cyber threats is inherently complex due to the nature of supply chains themselves. Cyber disruptions in planning, sourcing, manufacturing or delivery can have immediate financial and contractual repercussions. Compounding this complexity is the interconnectedness of supply chains, with companies depending on both internal and external suppliers and customers. A disruption at any point in this network can cascade across multiple tiers of suppliers and customers.

When it comes to securing supply chains, the challenge lies in managing not only IT systems—including on-premise and cloud environments—but also applications, databases, networks and OT. Despite these complexities, adhering to foundational cybersecurity practices can significantly enhance supply chain resilience:

Know your processes and assets

Maintain an accurate inventory of all critical systems, processes and dependencies.

Understand third-party dependencies

Identify and assess the cybersecurity posture of key third-party providers and their subcontractors.

Apply cyber hygiene controls

Implement vulnerability management, enforce access control policies, adopt secure development practices and establish backup and disaster recovery plans.

Prepare for the worst

Develop and regularly test robust incident response plans.

These measures may be manageable for smaller organisations with limited assets and partners. However, large corporations with thousands of assets and numerous critical third parties require a risk-based approach. This strategy helps prioritise investments in security controls that mitigate business risks within the organisation’s risk tolerance.

By combining foundational practices with a risk-based approach, organisations can better navigate the challenges in supply-chain cybersecurity and build resilience against future threats.
