Events like last year’s global NotPetya attack and the CCleaner outbreak have brought the issue of software supply chain security to the forefront with alarming clarity. To get a better idea of how this critical new threat vector is impacting organizations, CrowdStrike recently commissioned a global software supply chain survey, which was conducted by the independent research firm, Vanson Bourne. Their report of the survey findings offers important insights and reveals vulnerabilities that should be of interest to organizations in every market sector.

This survey report is based on responses from 1,300 senior IT decision-makers and IT security professionals in the United States, Canada, United Kingdom, Mexico, Australia, Germany, Japan and Singapore, across a wide range of industries. Some major findings that were revealed in the survey report include:

• A majority — 66 percent — of respondents reported that their organizations had experienced a software supply chain attack within the last 12 months and 90 percent had financial costs as a result. The cost impact across all organizations averaged $1.1 million.
• Despite the large number of attacks, organizations aren’t prepared — almost 90 percent of respondents believe they are at risk for a software supply chain attack.
• Organizations aren’t doing enough to vet their software suppliers. Although 90 percent feel it’s critical, only one-third are thoroughly vetting the software suppliers they use.