As Digitization Outpaces Security, Lack of Supply Chain Visibility Increases Cyberthreat Vulnerabilities

Carol Miller

Cybersecurity remains a critical concern for supply chain leaders as digitalization increases both connectivity and complexity across global networks. The growing number of digital touchpoints between suppliers, partners and enterprise systems has significantly expanded the attack surface for cybercriminals.

No longer just physical pipelines for goods, supply chains have evolved into complex digital ecosystems—where a single vulnerability can trigger widespread disruption.

“Cyberattacks continue to present an ongoing, ever‑evolving threat to businesses across all sectors,” Mark Atwood, research managing vice president, wrote in Gartner’s “Top Trends in Supply Chain Technology for 2025.” He cited a 2024 Gartner survey on geopolitical risks impacting supply chains, in which 59 percent of respondents said cyberattacks had a moderate to very high impact on their performance over the past year.

“The supply chain, with its multiple functional hand‑offs in the organization, as well as its vast partner ecosystem, represents a large and attractive target to bad actors,” Atwood stated. “The greater the digitalization of the supply chain, the more the cyberthreat increases.”

Meanwhile, a DNV Cyber survey of 1,150 professionals from critical infrastructure industries—including energy, maritime, manufacturing and health care—revealed that only 53 percent are confident that their organizations have complete visibility into their supply chains’ cybersecurity vulnerabilities. Even more concerning, 36 percent believe attackers may have infiltrated their supply chains without those breaches being reported by suppliers.

These statistics highlight a troubling reality: many organizations lack sufficient supply chain visibility, creating dangerous blind spots. Supply chain visibility—the ability to track and monitor risks across all nodes in the network—has therefore become fundamental to managing cyberthreats effectively. Without it, organizations cannot reliably detect intrusions, assess vulnerabilities or respond rapidly.

“Supply chain visibility isn’t just about tracking boxes—it’s about tracking digital touchpoints, user behavior and system integrity,” Glen Wegel, vice president of operations and IT for Kitchen Cabinet Distributors and secretary of the Warehousing Education and Research Council (WERC) Advisory Council, said.

“Doing so enables a shift away from reactive firefighting to proactive threat monitoring and response,” Wegel continued. “Having this insight makes supply chain visibility a foundational pillar of supply chains and a cyber‑secure operation.”

Understanding the Top Cybersecurity Threats in Supply Chains

Multiple potential cybersecurity threats lurk throughout supply chains.

First, the rapid digitization and automation of supply chains—while bringing unprecedented efficiency and insight—have also amplified cyber risk. Real‑time analytics, predictive maintenance and integrated logistics depend on connectivity, cloud services and third‑party software. Each adds new attack vectors.

“Every new connected system, vendor platform or piece of software becomes a potential point of entry,” Alex Santos, CEO and cofounder of Fortress Information Security, said. “What really worries me is that digitization has outpaced security. Most organizations don’t have a clear picture of what’s running in their supply chain, and they can’t protect what they can’t see. That lack of visibility creates serious blind spots, especially when dealing with critical infrastructure.”

One significant visibility hurdle is the traditional siloing between information technology (IT) and operational technology (OT) systems, especially in industrial environments. OT systems control physical devices and processes but have often been excluded from cybersecurity programs, leaving critical infrastructure vulnerable, according to Jason Hunt, principal at Deloitte Advisory.

“The top threat we continue to see is aging equipment within industrial environments that cannot be easily replaced or updated to address vulnerabilities,” Hunt said. “That’s often due to the risk to physical processes themselves, such as the need to maintain equipment uptime. That’s coupled with the prohibitive cost of replatforming integrated systems originally built on outdated platforms, such as Windows Server 2000 and XP.”

This creates an expanding attack surface, as aging systems previously isolated are integrated into broader networks to enable digital transformation.

Santos added that software‑based attacks have become an enormous threat. “Software is now the foundation of most devices and systems, and when it’s not properly vetted, it becomes a massive vulnerability.”

Wegel agreed, noting that the interconnected nature of supply chains—comprised of third‑party partners, service providers and vendors—introduces additional risk.

“Vulnerability in any third‑party system, like a warehouse management system (WMS), transportation management system (TMS), enterprise resource planning (ERP) system, warehouse control system (WCS) or warehouse execution system (WES), can create a backdoor into your network,” he said. “Likewise, ransomware targeting OT and Internet of Things (IoT) connected equipment can cause global supply chain disruption by delaying shipments, blocking access to critical systems or shutting down fulfillment altogether.”

Santos emphasized that cyberthreats don’t always begin with a bad actor at the keyboard; some stem from the broader instability created by economic and social disruption.

“Tariffs are creating havoc in supply chains right now,” he said. “As tariffs force companies to end long‑term relationships and find new suppliers, that shift erodes trust and opens doors to threat actors. Change itself is a risk.”

Finally, human error can’t be overlooked when considering cyberattack vectors, Wegel said.

“Most breaches don’t start with a hacker breaking through a firewall,” he said. “They start with an employee clicking a phishing email, using simple passwords or even misconfiguring a system. There’s also the potential for disgruntled employees, temp workers or contractors with systems access to intentionally—or unintentionally—leak data, install malware or otherwise disrupt operations.”

6 Strategies for Proactive Supply Chain Cyber Risk Reduction

Despite the challenges, supply chain leaders can take concrete steps to reduce cyber risks and improve visibility. A coordinated approach combining governance, technology, collaboration and training is essential.

1. Implement governance and cross‑functional collaboration. Unclear ownership of cybersecurity responsibilities between IT, cybersecurity, engineering and supply chain teams often creates gaps.

“Establishing a consistent governance program with clearly defined roles and responsibilities is essential,” Hunt said. “Executive‑level support—with alignment between stakeholders, including chief operating officers (COOs), chief information officers (CIOs) and chief information security officers (CISOs), to name a few—enables coordinated efforts.”

Furthermore, incorporating supply chain cybersecurity into overall corporate governance and appointing liaison roles to bridge cybersecurity and supply chain teams helps ensure effective communication and accountability.
