Supply Chain
Cybersecurity statistics about supply chain
36% of security and IT leaders identify third-party vendor or supply chain breaches involving integrated AI or agents as security incidents tied to AI systems.
63% of healthcare practices do not continuously monitor their digital supply chains.
53% of the organisations drawn into third-party ransomware or data extortion incidents were traced to a single event: the August 2025 compromise of Miljödata.
64 European organisations were drawn into a ransomware or data extortion incident through a third party.
Among organizations with confirmed AI-related security incidents, Shadow AI contributed to 44% of incidents, data or model poisoning 41%, improper output handling 41%, supply chain vulnerabilities 35%, and prompt injection 34%.
16% of security professionals say supply chain and third-party risk is the boardroom cyber priority boards ask about most.
41% of cybersecurity professionals identify AI-powered attacks at scale as their biggest security concern, compared with 21% citing supply chain risk and 21% citing unknown threats.
38% of organizations in MEA report reliance on third-party ecosystems and vendors, increasing supply-chain blind spots.
70% of security leaders say their organizations apply risk controls only to key suppliers.
72% of organizations are structurally incapable of auditing embedded AI Software Development Kits (SDKs) hidden inside everyday mobile applications.
Malware operators compromised 350 GitHub repositories to inject malicious code into JavaScript and Python projects.
The Axios NPM package was downloaded 100 million times per week.
Of the 48,000+ CVEs published in 2025, only 58 represented a genuine, discoverable, and exploitable threat to enterprise supply chains.
PRESSURE CHOLLIMA conducted the largest financial theft ever reported: $1.46 billion in cryptocurrency via a trojanized supply chain compromise.
More than 48,000 CVEs were published in 2025, an 18% increase year-over-year.
Over 100 advertised leaks and ransomware breaches targeted the automotive supply chain on the dark web in Q4 2025.
Third-party involvement occurs in 30% of financial-sector breaches.
In 2025, 92% of npm account takeovers occur.
Every breached vendor now compromises an average of 5.28 downstream companies.
An estimated 26,000 shadow victims remain impacted by vendor breach cascades but are never officially named.