A recent report from LevelBlue has raised red flags over the state of software supply chain security, revealing that 80% of organizations with limited visibility into their supply chains experienced a security breach in the past year.

Despite the growing focus on cybersecurity at the executive level, only 23% of companies believe they have strong visibility into their software supply chains. Nearly half admit they lack sufficient insight to assess or detect threats effectively.

Theresa Lanowitz, Chief Evangelist at LevelBlue, emphasized the critical need for organizations to strengthen their understanding and control over software ecosystems, especially in the face of AI-driven threats and attacks from nation-state and criminal actors.

“Cyber resilience is directly linked to how well an organization knows its software infrastructure,” said Lanowitz.

The study also found that 80% of firms with low visibility consider elements like custom code, off-the-shelf software, and API integrations to be risky. Despite this, only 25% of enterprises plan to discuss security credentials with software suppliers in the coming year.

CEOs appear to be the most concerned among C-suite leaders, with 40% identifying software supply chain risk as their primary cybersecurity threat—outpacing CIOs (29%) and CTOs (27%).

Regionally, North America leads in preparedness, with 57% of firms ready to counter supply chain threats, while Europe outpaces other regions in proactive investment. Around 67% of European companies are funding improvements in supply chain security.

However, achieving visibility across the software supply chain remains complex, requiring cooperation from upstream vendors and alignment on standards. Emerging regulations, like the EU’s Cyber Resilience Act and the FDA’s SBOM mandate in the US, are set to push organizations toward greater transparency.

Mike McGuire, Senior Software Manager at Black Duck, urged companies to treat standardized SBOMs as essential. “This shift is not a burden but a chance for security-conscious vendors to stand out,” he noted.

As regulatory pressure mounts, enterprises are being called to act now: to prioritize visibility, enforce software security standards, and treat transparency as a competitive advantage.

News Source: ITPro.com