Supplier risk has become a business resilience problem | perspective
https://www.scmagazine.com/perspective/supplier-risk-has-become-a-business-resilience-problem
Publish Date: 2026-06-18 07:00:00
Source Domain: www.scmagazine.com
Cybersecurity Risks from Third-Party Involvement in Breaches Significantly Increased
Breaches with third-party involvement surged by 60% within a year and now make up 48% of all breaches reported. That rise moves the risk from a peripheral security concern to a critical resilience challenge, particularly given how little control companies have over vendor-related threats, which move much faster than traditional vendor-risk processes can address. Companies rely heavily on various vendors, and a compromise at one supplier can have severe downstream effects. The 2025 Gainsight incident shows how a breach can affect numerous Salesforce instances without breaching the core Salesforce system, which underlines the supply chain vulnerabilities that stem from unmanaged dependencies. Traditional vendor risk management falls short: annual assessments often lag behind changes in geopolitical conditions, AI adoption, and cybercrime trends, all of which can drastically alter a vendor’s risk profile. Executives should now focus on building a complete view of suppliers, ranking them by potential business impact, mapping dependencies, and strengthening protections around the most critical relationships.
Key Points:
- Third-party breaches accounted for 48% of all breaches after increasing by 60% in a single year.
- Critical dependencies in supplier networks can cause significant disruptions that buyers have no direct control over.
- Traditional vendor risk management approaches are insufficient due to rapid changes in geopolitical, cybersecurity, and AI landscapes.
- Executives should focus on identifying and prioritizing the suppliers with the highest impact on their operations.
- Recommended actions include maintaining a comprehensive view of suppliers, ranking them according to their business impact, mapping their dependencies, and strengthening contracts with critical third parties.