Today’s vast and interconnected global supply chain is perilously vulnerable to cyber threats. In fact, the World Economic Forum (WEF)’s recent Global Cybersecurity Outlook 2025 found that 54% of large organisations cite supply chain security as the biggest barrier to achieving cyber resilience.
Disruptive cyberattacks such as ransomware can have significant and widespread effects on both upstream and downstream supply chains through mounting production and distribution delays.
Manufacturing and other heavy industry sectors are particularly vulnerable due to their reliance on cyber-physical systems governed by Operational Technology (OT). The convergence of OT and traditional IT has blurred the once-clear boundary between digital infrastructure and physical operations, introducing new cybersecurity risks organisations can no longer ignore.
Cyber threat groups increasingly exploit complex supply chains to hit their targets. Therefore, securing the interconnected systems that power them is a business-critical priority, not just a technical concern.
The rising risks of IT/OT convergence in supply chains
Supply chains have become increasingly digitised and interconnected, with IT and OT networks now deeply integrated across manufacturing, logistics, and distribution. This shift obviously improves efficiency. However, it also exposes critical infrastructure to cyber threats that previously only affected IT systems.
Historically, OT control systems such as supervisory control and data acquisition (SCADA) and programmable logic controllers (PLCs) have existed as a separate environment to traditional IT networks. As such, many of these systems were never designed with cybersecurity in mind and were built for purely physical threats.
Now, a raft of digitisation efforts including cloud-based inventory management, remote monitoring, and smart automation have connected OT to IT systems. As a side effect, this has expanded the attack surface and created new opportunities for cybercriminals to disrupt assets that were previously safely air-gapped. They can now breach IT networks and pivot into OT systems, disrupting production, logistics, and the delivery of essential goods.
This supply chain vulnerability is a growing concern. The 2021 SolarWinds attack and the Colonial Pipeline ransomware breach are two of the most high-profile examples of how cyber incidents can cripple entire industries by targeting suppliers or critical infrastructure.
More recently, the 2024 global IT outage, triggered by a faulty software update from CrowdStrike, disrupted airlines, banks, and government services worldwide, underscoring the interdependent nature of modern supply chains.
Mitigating these risks means prioritising supply chain security as a core part of the cyber strategy. Without real-time visibility, proactive risk management, and clear accountability, supply chain disruptions will remain an escalating threat.
Why visibility is the foundation of effective supply chain security
One of the biggest challenges in securing supply chains is the lack of visibility across interconnected systems and suppliers. Many organisations have limited insight into their suppliers’ security postures, let alone the vendors and subcontractors further down the chain. This creates blind spots, where cyber risks can go undetected until a breach occurs. Threat actors will frequently target smaller and less well-defended companies in the supply chain. These companies then serve as entry points to their larger customers or partners.
The WEF report found that 41% of security leaders believe improving third-party visibility is their top priority. Enforcing security compliance among suppliers was also cited as a critical challenge.
Yet many businesses still struggle with fragmented security monitoring and inconsistent enforcement of security policies across their supplier networks. Without comprehensive oversight, threat actors can exploit weak links in the chain. These include vulnerable software updates, compromised remote access credentials, or unpatched OT systems.
To reduce risk, businesses must implement a layered approach to visibility. This must include comprehensive asset discovery, mapping all IT and OT assets within the supply chain. The goal is to understand their interdependencies and highlight weaknesses and potential attack paths.
Cyber-physical assets present an additional challenge here. OT systems are usually not compatible with standard cybersecurity tools for vulnerability scanning and threat detection. As such, IT teams need specialist tools to gain complete visibility into OT environments.
Overcoming budgetary constraints and boardroom misconceptions
Despite the growing risks, many organisations still fail to allocate adequate resources to OT and supply chain security. This is often due to a lack of awareness at the board level, where leaders often view cybersecurity as a necessary expense rather than a business enabler.
It’s also important to address the perception of security teams as blockers. Security can’t afford to be ‘the Department of No’ or the ‘Department Who Cried Wolf’. In supply chain operations where efficiency and speed are paramount, some stakeholders can see cybersecurity as an obstacle to productivity rather than a safeguard against disruption.
Shifting this perception means reframing security as more than a purely defensive measure. Board members respond to business impact, not just technical risks. Therefore, the focus should be on security’s value in protecting operational uptime, preventing financial losses, and maintaining customer trust.
For example, the WEF reports that organisations investing in proactive security measures experience significantly lower operational downtime – a direct business benefit to sell to the board.
Aligning cybersecurity with business objectives will demonstrate how it protects revenue. Emphasising compliance benefits can also be effective, highlighting how investment in security streamlines regulatory adherence and reduces legal risks. These benefits can be backed up with examples of the cost of inaction, such as supply chain breaches leading to multimillion-pound disruptions.
A strong strategy will hit the sweet spot between security and efficiency. For example, bridging the gap between IT, OT, and supply chain teams helps integrate security into operational workflows rather than letting it become a barrier. There should be a focus on implementing security measures that enhance productivity, such as automated threat detection and pre-approved security controls for suppliers.
Making supply chain security a leading business priority
The convergence of IT and OT has made supply chain security a critical business issue, not just a technical challenge. Cybercriminals are exploiting weak links in supplier networks, and most large organisations already identify supply chain security as their biggest cyber resilience challenge.
Without visibility, proactive investment, and board-level support, businesses will remain vulnerable to costly disruptions, regulatory penalties, and reputational damage. Security leaders must reposition cybersecurity as a business enabler to ensure it is integrated into strategic decision-making.
Enterprises must act now to secure their supply chains before a cyberattack forces their hand.