Software Supply Chain Attacks Have Increased Financial and Reputational Impacts on Companies Globally, New BlackBerry Research Reveals

Rhea-AI Summary

BlackBerry's recent study reveals that over 75% of software supply chains faced cyberattacks in the past year. Conducted in April 2024, the survey involved 1,000 senior IT and cybersecurity leaders. Findings indicate that 51% of companies could recover from breaches within a week, a slight drop from two years ago, while 40% took a month to recover, an increase from before. Notably, 74% of the attacks occurred through unmonitored or unknown supply chain members. Despite measures like data encryption and multi-factor authentication, companies still suffered financial, data, reputational, and operational impacts. Confidence in supply chain cybersecurity remains high, with 68% of respondents trusting their suppliers' vulnerability management. However, challenges such as lack of technical understanding and visibility hinder regular software inventories. Additionally, while 78% track the impact on end users, only 65% inform their customers due to reputation concerns and resource constraints.

Positive

• Over 75% of software supply chains faced cyberattacks, highlighting the critical need for enhanced security measures.
• 51% of companies could recover from breaches within a week, demonstrating resilience despite increased attacks.
• 68% of respondents are very confident in their suppliers' ability to identify and prevent vulnerabilities.
• 41% of companies request quarterly proof of cybersecurity compliance from supply chain partners.
• 78% of companies track the impact of cyberattacks on end users, showing a commitment to understanding the broader effects.

Negative

• 74% of attacks came through unmonitored or unknown supply chain members, indicating significant visibility issues.
• Only 65% of companies inform their customers about cyberattack impacts, driven by reputation concerns and resource constraints.
• 51% of companies cite a lack of technical understanding as a barrier to regular software inventories.
• Slight drop in quick recovery from breaches, with only 51% recovering within a week compared to 53% two years ago.
• 40% of companies took a month to recover from breaches, up from 37% previously, indicating longer recovery times.

Insights

Cybersecurity Analyst

The report from BlackBerry reveals significant vulnerabilities in software supply chains, with over 75% of respondents experiencing cyberattacks in the past year. The alarming frequency of these attacks underscores the need for more robust cybersecurity measures. Despite implementing strategies like data encryption and multi-factor authentication, the majority of attacks still come from parts of the supply chain that companies fail to monitor. This indicates a strong need for improved visibility and monitoring mechanisms within the supply chain.

From a cybersecurity standpoint, the reliance on trust rather than comprehensive visibility is a glaring weakness. Companies need to adopt more proactive and thorough monitoring protocols, possibly leveraging AI and machine learning to detect potential threats in real-time. The practice of quarterly compliance checks, noted by 41% of respondents, is a step in the right direction but may not be sufficient given the sophistication of modern cyber threats. Continuous, real-time monitoring would provide a higher level of vigilance.

The report also highlights a concerning trend where only 65% of companies inform their customers about breaches. This lack of transparency can erode consumer trust and has potential regulatory implications as legislative bodies are increasingly focusing on software supply chain security.

Financial Analyst

The financial implications of the reported supply chain attacks are substantial. With 64% of companies reporting financial losses and 59% experiencing data loss, the economic impact extends beyond immediate financial damage to long-term reputational harm. These findings are particularly concerning for investors as they indicate potential ongoing costs related to cybersecurity enhancements and loss mitigation efforts.

On the other hand, companies that proactively upgrade their cybersecurity measures and demonstrate transparency could potentially see an improvement in their market position as they regain and strengthen customer trust. There is also a possibility of increased spending on cybersecurity tools and services, benefiting companies within this sector. Investors should watch for any strategic moves by BlackBerry to capitalize on this trend, such as new product offerings or partnerships aimed at enhancing cybersecurity measures for supply chains.

Market Research Analyst

Market confidence in the ability of suppliers to handle cybersecurity is relatively high, with 68% of respondents expressing confidence in their suppliers' capabilities. However, the report highlights significant barriers, such as lack of technical understanding and effective tools, which could impede effective cybersecurity practices.

From a market perspective, this indicates a growing demand for advanced cybersecurity solutions tailored to address the specific challenges of supply chain security. Vendors who can provide comprehensive solutions that address visibility and monitoring deficiencies are likely to see increased demand. Additionally, the market might witness a shift towards more stringent regulatory requirements, compelling companies to invest more in compliance and reporting tools.

For retail investors, understanding the market dynamics around cybersecurity investments and the potential for growth in this sector can provide insights into which companies might perform well in the future. Keeping an eye on regulatory changes and how companies adapt their strategies will be crucial.

BlackBerry study reveals more than 75 percent of software supply chains were exposed to cyberattacks in the last twelve months.

WATERLOO, ON, June 6, 2024 /PRNewswire/ -- BlackBerry Limited (NYSE: BB; TSX: BB) today released the results of a global survey of 1,000 senior IT decision makers and cybersecurity leaders conducted in April 2024 by Coleman Parkes on the security of the global software supply chain. The BlackBerry study sought to identify the procedures companies currently use to manage and lower the risk of security breaches from their software supply chain, drawing comparisons to previous research conducted in October 2022. 

Recovery After an Attack and Impact on the Business

After an attack, a little more than half of companies (51 percent) were able to recover from a breach within a week, a slight drop (53 percent) from two years ago – while nearly 40 percent took a month, a slight increase (37 percent) from before. Slightly less than three quarters of attacks (74 percent) came through members of the software supply chain that companies were either not aware of or not monitoring before the breach. This was despite insisting on data encryption (52 percent), security awareness training for staff (48 percent), and multi-factor authentication (44 percent).

"How a company monitors and manages cybersecurity in their software supply chain has to rely on more than just trust," explains Christine Gadsby, Vice President, Product Security, BlackBerry. "IT leaders must tackle the lack of visibility as a priority." 

And that risk comes with a real price -- in financial loss (64 percent), data loss (59 percent), reputational damage (58 percent), and operational impact (55 percent).

Confidence Buoyed by Monitoring

More than two thirds of respondents (68 percent) were "very confident" that suppliers can identify and prevent a vulnerability. A slightly smaller percentage (63 percent) were "very confident" supply chain partners have adequate cybersecurity regulatory and compliance practices. That confidence stems from regular monitoring.

When asked how often they inventory their supply chain partners for cybersecurity compliance, 41 percent asked for proof every quarter. These compliance requests include showing a software bill of materials (SBOM) or a Vulnerability Exploitability eXchange (VEX) artifact. The biggest barriers to regular software inventories are lack of technical understanding (51 percent), lack of visibility (46 percent) and lack of effective tools (41 percent).

Telling the Consumer

With over 75 percent of software supply chains attacked in the last 12 months, what about the consumer/end user? Seventy-eight percent of companies are tracking the impact, but only 65 percent are informing their customers. When asked why not, the top two responses were concerned about the negative impact on corporate reputation (51 percent) and lack of staff resources (45 percent).

"There is a risk that companies will be afraid of reporting attacks for fear of public shaming and damage to their corporate reputation," Gadsby notes. "Our research comes at a time of increased regulatory and legislative interest in addressing software supply chain security vulnerabilities."

Other Notable Statistics

• Vulnerable components having the biggest impact for organization 
  • Operating system – 27 percent
  • Web browser – 21 percent
• Expected time taken to be notified in the event of a supplier suffering a cyber breach
  • Within four hours – 34 percent
  • Within 24 hours – 46 percent
  • Within 1-3 days – 18 percent
• Comparability of suppliers' cybersecurity policies
  • They are of comparable strength – 66 percent
  • They are stronger – 30 percent

Notes to editor: Research conducted in April 2024 by Coleman Parkes on behalf of BlackBerry, with 1,000 IT decision-makers and Cybersecurity professionals across North America (USA and Canada), the United Kingdom, France, Germany, Malaysia, and Japan.

About BlackBerry

BlackBerry (NYSE: BB; TSX: BB) provides intelligent security software and services to enterprises and governments worldwide.  The company's software powers over 235M vehicles. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety, and data privacy solutions and is a leader in the areas of endpoint management, endpoint security, encryption, and embedded systems.  BlackBerry's vision is clear - to secure a connected future you can trust.

For more information, visit BlackBerry.com and follow @BlackBerry.

Trademarks, including but not limited to BLACKBERRY and EMBLEM Design, are the trademarks or registered trademarks of BlackBerry Limited, and the exclusive rights to such trademarks are expressly reserved.  All other trademarks are the property of their respective owners.  BlackBerry is not responsible for any third-party products or services.

Media Contacts:
BlackBerry Media Relations
+1 (519) 597-7273
mediarelations@BlackBerry.com

View original content to download multimedia:https://www.prnewswire.com/news-releases/software-supply-chain-attacks-have-increased-financial-and-reputational-impacts-on-companies-globally-new-blackberry-research-reveals-302165423.html

SOURCE BlackBerry Limited

FAQ

How many software supply chains were exposed to cyberattacks in the last year according to BlackBerry?

Over 75% of software supply chains were exposed to cyberattacks in the last year.

What percentage of companies recovered from cyberattacks within a week in BlackBerry's study?

51% of companies were able to recover from cyberattacks within a week.

What are the major impacts of software supply chain attacks mentioned in BlackBerry's study?

The major impacts include financial loss (64%), data loss (59%), reputational damage (58%), and operational impact (55%).

What percentage of attacks came through unmonitored supply chain members according to BlackBerry?

74% of the attacks came through unmonitored or unknown supply chain members.

How confident are companies in their suppliers' ability to manage vulnerabilities in BlackBerry's study?

68% of respondents were very confident in their suppliers' ability to manage vulnerabilities.

What are the biggest barriers to regular software inventories as per BlackBerry's survey?

The biggest barriers are lack of technical understanding (51%), lack of visibility (46%), and lack of effective tools (41%).

Why do companies hesitate to inform customers about cyberattack impacts according to BlackBerry?

Companies hesitate to inform customers due to concerns about negative impacts on corporate reputation (51%) and lack of staff resources (45%).