According to the new Kaspersky study, “Supply chain reaction: securing the global digital ecosystem in an age of interdependence”, more than 66% of global companies would be willing to invest in securing their contractors and suppliers to safeguard against cyberattacks; while 25% are already doing so. This shift reflects that suppliers are becoming part of an interconnected security ecosystem.
In a context marked by rising supply chain attacks, which have impacted nearly one in three companies, and trust-based cyberattacks (which affect one in four companies globally), organizations are reevaluating their security approach. It is increasingly evident that an organization’s cyber risk depends on the level of protection of any supplier or partner who has access to its systems and infrastructure.
According to the study, the 69% of organizations are considering investing in supplier security to strengthen their own resilience. This propensity is especially high in countries such as India (83%), Indonesia (80%), Russia (80%), and Brazil (76%). In markets like Indonesia, Brazil or Russia, there is also a higher level of confidence in suppliers, reflected in a number of third parties with access to corporate systems that exceeds the global average.
Spain Leads Security Spending
At the same time, 25% of companies have already begun sharing security costs with their suppliers, moving from intention to action. This practice is more prevalent in Spain (33%), Hong Kong and Taiwan (33%), Turkey (31%), and Vietnam (31%).
“Today, companies understand that security cannot be confined to their own boundaries but must extend across the entire ecosystem. Smaller companies often lack the security capabilities of the larger organizations they serve, which introduces additional risks. Sharing resources and knowledge helps close these gaps, fortify the weak points in the dependency chain, and push toward greater global cybersecurity resilience,” says Sergey Soldatov, head of the Security Operations Center at Kaspersky.
To reduce the risks associated with the supply chain, Kaspersky recommends adopting organizational measures that include a rigorous, evidence-based evaluation of software vendors. Analyzing their security practices, reviewing their development processes, and applying structured assessment frameworks can help ensure that only secure solutions form part of the internal infrastructure.
