Supply chain attacks have emerged as the most common cybersecurity threat faced by businesses over the past 12 months, according to a new global study by cybersecurity firm Kaspersky.
The report found that about 31% of companies worldwide experienced a supply chain-related cyber incident during the past year. In the UAE, the figure stood at 25%, highlighting the growing risks linked to third-party vendors and service providers.
Data cited from the World Economic Forum also showed that nearly 65% of large enterprises consider supply chain and third-party vulnerabilities to be the biggest obstacles to achieving cyber resilience.
Large firms face greater exposure
The study found that large enterprises are particularly vulnerable because of their extensive vendor networks. Around 36% of large companies reported experiencing such attacks, compared with lower rates among small and mid-sized firms.
Researchers noted that large organisations typically work with about 100 software and hardware suppliers on average, significantly increasing their potential attack surface. They also tend to provide system access to a large number of contractors — often more than 130 — which further increases cybersecurity risks.
Another growing concern highlighted in the report is “trusted relationship attacks,” where hackers exploit legitimate business connections to gain access to systems. These attacks affected about 25% of companies globally and 21% of organisations in the UAE during the study period.
Need for ecosystem-wide security
Sergey Soldatov, Head of Security Operations Center at Kaspersky, said companies must rethink cybersecurity as part of a broader digital ecosystem.
“As organisations become more interconnected, their exposure to cyber threats increases. Businesses must adopt a comprehensive approach that protects not just individual systems but the entire network of partners and suppliers,” he said.