In the past two years, security threats have intensified the supply chain challenges enterprises have faced, and a new ISACA survey report indicates that only 44% of IT professionals have high confidence in the security of their organization's supply chain.
Moreover, 30% of the respondents said their organization's leaders do not have a sufficient understanding of supply chain risks, and 53% of respondents said supply chain issues would worsen or stay the same over the next six months, according to the report by the professional association, which focuses on IT governance.
ISACA said more than 1,300 IT professionals with supply chain experience responded to the survey, 25% of whom said their organization had experienced a supply chain attack in the past 12 months.
Our supply chains have always been vulnerable to a number of factors, including security threats, but the COVID-19 pandemic has underscored how vulnerable they are.
In a statement, Rob Clyde, former ISACA board chair, NACD board leadership fellow, and executive chair for White Cloud Security, said that as the risk landscape evolves, enterprises must take the time to understand it, as well as identify any security gaps within their organization that should be prioritized and addressed.
84% of respondents said their organization's supply chain needs better governance than what it currently has. One in five respondents said they do not include cybersecurity and privacy assessments in their supplier assessment process.
A further 39% of respondents have not developed incident response plans with suppliers in case of a cybersecurity incident, and 60% have not coordinated and practiced supply chain-based incident response plans.
Nearly half of respondents (49%) said their organizations do not conduct vulnerability scanning or penetration testing on their supply chains.
Managing supply chain security risk requires a multi-pronged approach that involves conducting regular cybersecurity and privacy assessments, and developing and coordinating incident response plans in close collaboration with suppliers, said John Pironti, president of IP Architects and a member of the ISACA Emerging Trends Working Group.
In order to ensure that reviews, information sharing, and remediations go smoothly and effectively, your organization needs strong relationships with its suppliers.