- Indian organizations seem to have better clarity on various supply chain security gaps
compared to other responding nations - 55% expressed the highest concern in ransomware threats among all potential supply chain risks
- 83% identified the need for better governance in the organization’s supply chain
Bangalore, June 13, 2022 –
ISACA ® has just launched new global research results, Supply Chain Security Gaps: A 2022 Global Research Report that has divulged interesting threats and security gaps in the supply chain ecosystem globally. In India, just like many other developing economies, the supply chain challenges have rocked both enterprises and consumers alike, making it harder to access certain goods and maintain business continuity. Increasing security threats have only heightened these concerns, and this ISACA survey report illuminates IT professionals’ key concerns around security challenges and how their organizations are responding to them. It received responses from more than 1,300 IT professionals with pressing supply chain insights. In the Indian market, the report findings cited the following supply chain risks as their key concerns:
| Ransomware | 55% |
|---|---|
| Hardware with embedded malware | 44% |
| Third-party data storage | 42% |
| Compromised software | 42% |
| Software security vulnerabilities | 40% |
| Poor information security practices by suppliers | 32% |
| Third-party service providers or vendors with physical or virtual access to
information systems, software code, or IP |
29% |
“To advance digital trust, there needs to be a level of confidence in the security, integrity, and availability of all systems and suppliers,” says David Samuelson, ISACA CEO. “As we have seen from previous incidents, customers do not differentiate between an attack on an element of your supply chain and an attack on your own systems. Now is the time to take swift and meaningful actions to improve supply chain security and governance.”
Additionally, the ISACA report demonstrates concrete data on overall supply chain security gaps and behavioral patterns within organizations. Some of the most striking results have been listed below –
- 87 Percent of the respondents in India feel their organization’s leaders have sufficient understanding of supply chain risks compared to 70 percent globally.
- About 56 percent indicate they have high confidence in the security of their organization’s supply chain
- 60 percent have high confidence in the access controls throughout their supply chain.
- Among all potential supply chain risks, 55 percent of the respondents were concerned about ransomware threats
- 73 percent believe that organization’s supply chain issues will improve while 24 percent feel it will remain the same
- More than 1 in 5 organizations (21 percent) experienced attacks on the digital supply chain in the last 1 year
- Almost 91 percent include cybersecurity and privacy assessments in their supplier assessment process
- 83 percent feel an organization’s supply chain needs better governance than what is currently in place
- A much higher percentage of organizations in India say their risk assessments include supply chain assessments for IoT devices (83% in India compared to 51 percent globally) and AI (60 percent compared to 39 percent globally), compared to organizations in other countries.
“Key stakeholders – private enterprises, governments, supply chain institutions, and other associated third-party vendors will need to work closely to eradicate crucial supply chain security gaps,” says R V Raghu, Director at Versatilist Consulting India Pvt Ltd, and ISACA Ambassador. “It is imperative that there is a disclosure of open-source software components and threat and vulnerability analysis of key third parties involved and robust supply chain governance to ensure an effective IT supply chain security”
About ISACA:
ISACA is a global community advancing individuals and organizations in their pursuit of digital trust. For more than 50 years, ISACA has equipped individuals and enterprises with the knowledge, credentials, education, training, and community to progress their careers, transform their organizations, and build a more trusted and ethical digital world. ISACA is a global professional association and learning organization that leverages the expertise of its more than 150,000 members who work in digital trust fields such as information security, governance, assurance, risk, privacy, and quality. It has a presence in 188 countries, including 225 chapters worldwide. Through its foundation One in Tech, ISACA supports IT education and career pathways for under-resourced and underrepresented populations.