Radio ExpressTV
Live
The Growing Cyber Threat to Supply Chains
As the conflict intensifies in the Middle East, governments and security experts warn that the struggle may extend into cyberspace. Businesses and supply chains, particularly in the United States and allied nations, may face retaliatory or asymmetric cyberattacks from Iran or its affiliated groups seeking to exert pressure beyond the battlefield. Against this backdrop, the cyber resilience of global supply networks has shifted from a theoretical concern to an urgent operational priority.
For decades, supply chains were primarily designed to minimize costs and maximize speed and volume. Cybersecurity was often treated as a secondary measure—a technical precaution with minimal impact on operational decisions. However, in today’s AI- and data-driven economy, this is no longer the case. Cyber preparedness measures and supply chain processes are now deeply interconnected.
Supply chains have evolved into adaptable digital ecosystems rather than mere linear flows of goods. Networks of manufacturers, logistics providers, software platforms, and data services are built on shared systems, APIs, and cloud infrastructures. AI-driven decision-making engines have expedited integration by automating planning, procurement, forecasting, and execution.
While this architecture offers exceptional efficiency, it also creates systemic fragility. Supply chain disruptions are no longer solely due to weather conditions or labor disputes; they are increasingly caused by cyber incidents that compromise data integrity, system availability, and mutual trust. These incidents often originate outside the organization—at suppliers, service providers, or software vendors, whose capabilities and resources vary significantly. Attackers frequently target smaller, resource-scarce companies as entry points into larger organizations.
Last year, Marks & Spencer announced losses of nearly $300 million after a ransomware attack, which began through a vendor, forced it to suspend its online operations and left store shelves empty. Recent attacks affecting organizations like Jaguar Land Rover, Victoria’s Secret, Toyota, British Airways, Applied Materials, and Ticketmaster have highlighted the vulnerabilities of ecosystems supporting global business operations. According to the 2025 Verizon Data Breach Investigations Report, 30% of breaches now involve a third party—a 100% increase from the previously reported figure of 15%.
The result is a form of operational risk that can no longer be confined to supply chain endpoints or managed through traditional governance models. From the perspective of business leaders, cybersecurity has become an intractable challenge that technology alone cannot resolve. Rather than being an internal IT issue that can be delegated and forgotten, it must be addressed as a core business system, reinforced by culture and behavior.
The paradox of modern supply chains is that they are automated yet subject to human judgment. Every day, thousands of individuals—from procurement officials at corporate headquarters to warehouse managers at suppliers—make decisions that either enhance or jeopardize the systems’ resilience.
Artificial intelligence exacerbates this dynamic. Automated systems rely on a continuous flow of trustworthy data. When data is compromised or manipulated, disruptions can escalate rapidly, adversely impacting planning and execution processes and amplifying errors on a large scale. Furthermore, generative AI has increased the efficacy of social engineering. Instead of hacking software code, attackers can now “hack” employees, exploiting their trust by impersonating vendors, executives, or colleagues convincingly.
Consequently, no organization can ensure cyber preparedness on its own. Managing these threats requires collaboration with stakeholders possessing varying capabilities and maturity levels across the supply chain network. Business leaders must treat cyber preparedness as an operational capability, akin to quality or safety, while continuously operating under pressure. Are their companies ready to prevent, confront, and recover from cyber disruptions across supply chains? Can they maintain the movement of goods, preserve data integrity, and align with partners even when systems are breached?
One defining feature of cyber-resilient supply chains is executive accountability. Leaders must take responsibility for the issue, incorporate cyber scenarios into enterprise risk management, and establish clear responsibilities during incidents.
Moreover, expectations across the ecosystem must be unified and practical. Instead of imposing complex requirements heavily focused on compliance, leading organizations should identify fundamental practices—such as access controls, patch discipline, employee awareness training, and incident reporting—that suppliers can realistically meet. They should also provide resource-limited partners, including those supplying essential raw materials, with human-focused training and peer guidance.
Just as consistency matters more than perfection in cyber-resilient supply chains, being ready is more crucial than prevention. Cyber incidents are inevitable. Organizations must invest in redundancy, segmentation, robust backup systems, and tested recovery plans to ensure that a disruption in one link does not collapse the entire operation. They should train for such incidents as if they are natural disasters or logistical failures.
Clear communication and support for smaller partners help build trust—which is another essential element of cyber-resilient supply chains. When incidents occur, organizations should prioritize speed and transparency over finger-pointing, as concealing incidents only exacerbates damage within interconnected systems.
Finally, cyber preparedness must be integrated into workflows. Vulnerabilities arise when employees are forced to bypass security controls to achieve operational goals. Managers must ensure that efficiency pressures do not create incentives for taking shortcuts.
Business leaders can take immediate steps to build cyber-resilient supply chains. They can identify critical dependencies, focusing on areas where digital integration and data exchange are most vital. This means pinpointing partners, systems, and data flows that would cause the greatest disruption if compromised—and identifying the key human touchpoints, where decisions are made, data moves from hand to hand, and pressures necessitating swift action peak. With this information, business leaders can set basic expectations and support their most resource-strapped suppliers.
As AI, automation, and geopolitical complexities reshape global supply networks, cyber risks will continue to evolve and grow. Being prepared for and responsive to these threats is no longer optional. Companies that enhance their cyber preparedness will be better positioned to maintain the continuity of their supply chains and competitive advantage; those that do not risk becoming operationally fragile entities in an increasingly volatile world.
