Skip to main content
Glossary Definition

Supply Chain Risk


Supply Chain Risk

Supply chain risk can be thought of as a specific type of third-party risk, where the risk stems from the fact that vendors and partners in an organization’s supply chain increase its attack surface yet the organization may not have sufficient visibility or awareness of the suppliers’ security posture.

A company’s digital supply chain is unique in several ways and likely mission critical. IT service providers and other IT vendors may have different cyber security risk tolerances than their partners, or be smaller companies that have been unable to consider security at the same depth as their clients or other partners in the supply chain.

Organizations that are part of the supply chain but have poorly secured systems, abandoned assets, or misconfigurations that attackers can find create risk for all participants in the supply chain. It is not uncommon to have thousands of IT vendors in an organization’s supply chain. The complexity that digital supply chains create with respect to cyber security risk have been evident for several years, with one of the notable breaches occurring in 2013 with Target and one of its supply chain vendors.

Read More Glossary Terms