Rising Impact of Supply Chain Attacks on Cyber Insurance and Enterprise Risk
Supply chain attacks have become a major concern for organizations, with industry data showing that breaches involving third parties have doubled year over year and now account for approximately 30% of all data breaches. These attacks, which often target digital supply chains such as open-source software, SaaS platforms, and cloud services, have proven to be highly disruptive and costly, with average remediation costs exceeding $4.9 million and significant operational downtime. The most impactful supply chain incidents of 2025 have demonstrated the potential for digital compromises to trigger both digital and physical disruptions across multiple organizations simultaneously.
As the frequency and severity of supply chain attacks increase, cyber insurance providers are beginning to scrutinize policyholders' supply chain security controls more closely. Experts predict that the ability to obtain or renew cyber insurance—and even broader business-interruption coverage—will increasingly depend on the strength of an organization's software supply chain security and third-party risk management. While the current cyber insurance market is favorable for buyers, with lower premiums and broader coverage, this could change rapidly if supply chain-related claims continue to rise, prompting insurers to tighten requirements and increase rates.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
Story first reported
Initial story creation
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Escalating Software Supply Chain Security Risks and Industry Response
Recent high-profile incidents such as the SolarWinds, MOVEit, and Log4Shell breaches have underscored the critical vulnerabilities present in the software supply chain, prompting organizations to prioritize third-party risk management and supply chain security at the executive level. Security leaders now recognize that every external dependency, from open-source libraries to SaaS platforms, represents a potential attack vector, with 69% of organizations reportedly impacted by a supply chain security event in the past year. The MOVEit and SolarWinds attacks, in particular, demonstrated how a single compromised vendor can trigger widespread data breaches and operational disruptions across thousands of downstream organizations. In response to these threats, companies are increasingly adopting third-party risk management tools and modern application security practices to monitor and secure their extended digital ecosystems. Industry reports highlight a gap between awareness and implementation of foundational security controls, with many organizations failing to mandate essential protections despite acknowledging the risks. Regulatory bodies such as CISA have also identified supply chain attacks as one of the most persistent and damaging threats, emphasizing the need for proactive, holistic risk management strategies that extend beyond internal systems to encompass the entire vendor ecosystem.
Mar 21, 2026
Escalating Cloud and Supply Chain Security Threats in 2025
The cybersecurity landscape in 2025 is marked by a rapid acceleration in both the frequency and sophistication of cyberattacks, with cloud environments and supply chains emerging as primary targets. According to the Microsoft Digital Defense Report 2025, financially motivated cyberattacks and nation-state operations have intensified, leveraging artificial intelligence to increase the speed, scale, and profitability of attacks. AI-powered phishing campaigns now achieve up to 50 times greater profitability by automating personalized attacks, while the window for compromising cloud containers has shrunk to just 48 hours after deployment. North Korean threat actors have embedded tens of thousands of operatives globally, exploiting the remote workforce as a persistent attack vector. Microsoft telemetry reveals an 87% increase in disruptive campaigns targeting Azure environments, with credential theft and data exfiltration attempts rising by 23% and 58%, respectively. Azure Blob Storage, a critical component for storing unstructured data, is increasingly targeted by threat actors seeking to compromise data integrity and business continuity. Microsoft’s Secure Future Initiative has responded by strengthening default security measures and providing actionable recommendations for defending against these evolving threats, including leveraging Microsoft Defender for Cloud’s Defender for Storage plan. The broader industry is also witnessing a surge in supply chain breaches, with 2025 statistics showing a 68% increase in such incidents, now accounting for 15% of all data breaches. Nearly one-third of all breaches are linked to third-party vendors or partners, and Gartner predicts that 45% of organizations will experience a supply chain breach by the end of 2025. No industry is immune, as interconnected digital ecosystems expand the attack surface and expose organizations to cascading risks from less secure partners. Cloud security incidents are on the rise, with 80% of organizations reporting an increase and 45% of breaches being cloud-based, resulting in an average cost of $4.35 million per breach. Disaster Recovery-as-a-Service (DRaaS) and cyber recovery solutions are increasingly critical for ensuring business continuity and resilience, focusing on restoring clean, uncompromised systems after disruptions. The need for robust security baselines, continuous monitoring, and strategic recovery planning is underscored by the evolving tactics of threat actors and the growing complexity of cloud and supply chain environments. Organizations are urged to adopt a proactive, layered defense strategy, leveraging AI-driven detection, secure configuration, and rapid incident response to mitigate the impact of these accelerating threats. The convergence of cloud and supply chain vulnerabilities demands heightened vigilance, cross-functional collaboration, and investment in advanced security technologies to safeguard critical assets and maintain operational resilience in the face of relentless cyber adversaries.
Mar 21, 2026
Trends and Challenges in Cybersecurity for 2025-2026
The cybersecurity landscape in 2025 saw significant evolution, with a marked increase in supply chain attacks targeting CI/CD pipelines, open source packages, and developer tooling. Organizations like StepSecurity reported detecting and responding to some of the most consequential supply chain compromises before they became public, highlighting the need for real-time visibility and enforcement across software supply chains. The year also witnessed rapid growth in the adoption of security solutions, as enterprises sought to protect their development environments and open-source repositories from increasingly sophisticated threats. Simultaneously, the industry experienced major shifts in technology and risk management. Startups drove innovation in browser security, application security for AI-generated code, and SOC automation, reflecting the growing importance of cloud-based workspaces and AI-driven applications. On the risk management front, CISOs faced a tightening cyber insurance market, with insurers demanding more rigorous proof of security controls and warning that major supply chain or AI-related incidents could quickly harden underwriting standards. These developments underscore the need for organizations to adapt their security strategies to address both emerging technical threats and evolving risk management requirements.
Mar 21, 2026