As cyber attacks on supply networks doubled in 2025, companies are being urged to embed cyber readiness into their operational strategies to safeguard against escalating digital threats and maintain resilience in a volatile geopolitical environment.
As geopolitical tensions spill beyond conventional battlefields, companies that make, move and sell goods find themselves on the front line of a new kind of conflict. Cyber intrusions that once disrupted isolated systems now...
Continue Reading This Article
Enjoy this article as well as all of our content, including reports, news, tips and more.
By registering or signing into your SRM Today account, you agree to SRM Today's Terms of Use and consent to the processing of your personal information as described in our Privacy Policy.
The architecture that underpins modern supply chains , cloud platforms, shared application programming interfaces, third‑party logistics systems and AI decision engines , delivers scale and speed but also multiplies points of failure. Attackers increasingly exploit smaller, less protected suppliers to reach larger customers, turning peripheral vendors into strategic vulnerabilities. According to a Prosegur Cipher analysis, supply‑chain attacks doubled in 2025 and carried an average cost of €4.33 million per incident, with nearly a quarter of breaches involving third parties. The manufacturing sector experienced particularly sharp rises in assaults.
Ransomware remains a dominant threat vector. Industry reporting shows that in 2025 more than six in ten organisations encountered ransomware, with average ransom demands exceeding $1.13 million. The tactics have matured into so‑called double and triple extortion campaigns, where perpetrators encrypt systems, threaten to publish stolen data and press victims with additional coercive actions. High‑profile incidents over recent years demonstrate the potential for such attacks to halt online commerce and empty store shelves, inflicting substantial operational and reputational damage.
Nation‑state and ideologically driven actors have broadened their targets, linking cyber operations to wider strategic aims. Pro‑Iranian hacking collectives have claimed responsibility for strikes against infrastructure in the Middle East and operations spilling into the United States, including an attack against medical‑device maker Stryker, according to reporting by The Associated Press. Meanwhile, a U.S. National Security Agency assessment described long‑running campaigns by Russian military intelligence that sought to map and penetrate logistics and technology firms supporting aid flows to Ukraine, using techniques such as spear‑phishing and exploitation of internet‑connected cameras around transport hubs. Those campaigns underline how intelligence collection and disruption efforts can focus on the logistical arteries of relief and supply efforts.
Emerging technologies complicate the picture. The proliferation of internet‑connected sensors and robotic systems increases the number of exploitable endpoints, while advances in artificial intelligence both automate defenders’ responses and empower attackers. Analysts warn of growing risks from AI‑driven social engineering and the prospect that quantum computing may, in time, undermine widely used encryption schemes. Cybersecurity observers also flag an uptick in schemes that combine digital intrusion with physical interference to hijack freight movements.
Given the inevitability of incidents, resilience must displace the illusion of perfect prevention. Firms should treat cyber preparedness as a core capability akin to quality control or workplace safety: identify critical digital dependencies, map which partners and data flows would cause the greatest disruption if compromised, and prioritise protections and redundancies accordingly. Practical steps include access controls, disciplined patching, employee training, regular incident exercises and tested recovery plans that emphasise segmentation and alternative supply routes.
Execution requires clear executive ownership and realistic, standardised expectations across supplier networks. Rather than imposing prohibitively complex compliance demands, lead firms can define baseline practices that smaller partners can implement reliably and support them with targeted training and peer mentoring. Transparent, rapid incident reporting should be incentivised: experience shows that concealment amplifies harm across interconnected ecosystems.
Operational design must also account for human behaviour. Automation accelerates decision‑making, but human choices still determine whether controls are followed under pressure. Organisations should ensure workflows do not force employees to bypass security to meet deadlines, and they should rehearse cyber incidents as they would other operational emergencies.
The stakes are not abstract. Recent attacks have exposed sensitive personal data, interrupted critical services and produced record‑breaking financial losses. In one widely reported case, a ransomware incident became among the costliest in the United Kingdom’s corporate history. Other breaches affecting education providers and logistics operators have prompted national guidance and law‑enforcement action, underscoring both the societal consequences and the regulatory attention these failures attract.
As global supply networks deepen their reliance on data and automated decisioning, the balance of competitive advantage will shift to organisations that can sustain operations under cyber stress. According to security experts and industry data, those that invest in resilience, standardisation and collaborative support for their partners will be better positioned to preserve continuity and protect customers; those that do not risk becoming operationally brittle in an increasingly contested digital environment.
Marko Kovacevic and Sasha Pailet Koff argue that cyber readiness must be integrated across the enterprise. Their prescription , executive accountability, realistic supplier standards, people‑centred training and rehearsed recovery plans , offers a practical blueprint for firms seeking to keep goods moving when digital disruptions occur. Copyright: Project Syndicate, 2026.
Source: Noah Wire Services
Subscribe to Industry Updates
