While executives debate AI strategies and digital transformation, a massive blind spot is costing organizations more than they're willing to admit.
The Cybersecurity Wake-Up Call
WTW's 2025 Global Supply Chain Risk Survey delivers a stark reality check: fewer than 8% of businesses have full control over their supply chain risks, and 63% are experiencing higher-than-expected losses. But buried in these numbers is an even more alarming trend—cybersecurity risk has exploded from 5% of companies' top concerns in 2023 to 16% in 2025.
That's a 220% increase in just two years.
The Underlying Article: https://www.dcvelocity.com/supply-chain/other-services/supply-chain-strategy/survey-orgs-are-rethinking-supply-chain-risk
Additional Analysis Below:
Why Cybersecurity Is Different in Supply Chains
Unlike traditional enterprise cybersecurity, supply chain cyber risks multiply across every vendor relationship. When cybersecurity emerges as a "central pillar of enterprise risk management," it's not just about your own systems—it's about the security posture of every supplier, contractor, and third-party service provider in your network.
The survey reveals that organizations are finally "enhancing cross-functional collaboration" and "securing supplier relationships and contracts" with cybersecurity requirements. But the 63% loss rate suggests most are still learning this lesson the hard way.
What Advanced Organizations Are Actually Doing
Companies reducing their exposure aren't just adding cybersecurity clauses to contracts. They're implementing:
- Supply Chain Cyber Mapping: Real-time visibility into which suppliers have access to what systems and data
- Tiered Security Requirements: Different cybersecurity standards based on supplier access levels and criticality
- Continuous Monitoring: Moving beyond annual assessments to ongoing security posture monitoring
- Incident Response Integration: Coordinated response plans that account for supplier-originated breaches
- Third-Party Risk Quantification: Financial modeling of potential losses from supplier cyber incidents
The Strategic Shift
The survey shows organizations moving toward "incremental strategy adjustments" rather than complete overhauls, with emphasis on "dedicated risk management teams" and "executive oversight." For cybersecurity, this translates to embedding security requirements throughout the supplier lifecycle rather than treating security as a separate function.
Critical insight: Companies prioritizing "leadership alignment and long-term capability building" in cybersecurity are seeing measurably better outcomes than those implementing point solutions or relying solely on cyber insurance.
Four Questions for Your Next Supplier Review
- Can you identify which suppliers have direct access to your critical systems within 24 hours?
- Do you have real-time visibility into your suppliers' security incidents and vulnerabilities?
- What's your financial exposure if your top 3 suppliers experience ransomware attacks simultaneously?
- Can you isolate supplier access during a security incident without shutting down operations?
These aren't theoretical scenarios—they're happening to organizations that thought their supplier vetting was sufficient.
The Competitive Reality
With cybersecurity risk tripling in priority and 63% of organizations losing more than expected, supply chain cybersecurity is becoming a competitive differentiator. The companies building comprehensive supplier cybersecurity frameworks now will capture market share when competitors get breached through their supply chains.
The data shows that most organizations are still reactive. The question is whether you'll be part of the 8% that gains control, or the 63% that keeps losing more than expected.
How confident are you in your suppliers' cybersecurity posture right now?
Based on WTW's 2025 Global Supply Chain Risk Survey of 1,000 senior decision-makers from companies with $250M+ annual revenue. The cybersecurity trend represents one of the most significant shifts in enterprise risk management priorities.