CIPS survey reveals cyber attacks on supply chains surge as firms count the cost
Subscribe to our free newsletter today to keep up to date with the latest supply chain industry news.
Nearly a third of business leaders report a rise in cyberattacks on their supply chains, according to the Chartered Institute of Procurement and Supply (CIPS). The findings follow a wave of incidents disrupting industries from automotive manufacturing to food and beverage production.
Recent breaches at Jaguar Land Rover, Marks & Spencer, and the Co-op have shown how interconnected corporate networks have become. In each case, attacks on supplier-linked systems halted production or services, costing tens of millions in lost revenue. CIPS’s September survey found that 29 percent of procurement managers said companies in their supply chain had suffered an attack in the last six months.
These events have pushed cybersecurity to the top of boardroom agendas. Once considered an IT issue, digital resilience has become a key priority for procurement executives and chief executives, particularly in industries dependent on synchronized logistics and just-in-time operations.
Why supply chains are the new prime target for hackers
Hackers are increasingly targeting the weakest links in global supply networks. Rather than attacking a large company’s perimeter, they exploit smaller third-party vendors with shared access or outdated security. The number of cyberattacks originating through suppliers doubled in 2024 from the previous year, according to industry data.
This shift reflects the complexity of digital ecosystems. Manufacturers rely on thousands of suppliers for hardware, data management, and logistics. A single vulnerability in one system can expose much larger networks. SecurityScorecard’s 2025 survey found that 88 percent of security leaders are concerned about their suppliers’ cyber readiness.
Manufacturing is now the most targeted sector, accounting for about 22 percent of all known breaches this year. Many of these attacks aim to disrupt production or tamper with industrial control systems. The results have revealed how fragile operations can be when one partner fails to maintain effective defenses.
How business leaders are responding to growing digital threats
With costs and disruptions mounting, companies are taking a more active role in supply chain security. The CIPS report found that cybersecurity now ranks alongside geopolitical tension and trade policy as a top business risk.
Many organizations are investing in supplier risk assessments, digital defense systems, and workforce training. Some have created joint cybersecurity task forces with suppliers to improve coordination. Regulatory efforts such as the European Union’s NIS2 directive and the Digital Operational Resilience Act are also driving higher security standards across supply networks.
Still, most firms remain underprepared. Fewer than 30 percent monitor cybersecurity across more than half of their suppliers, leaving gaps that attackers can exploit. The pressure on procurement teams to assess vendor security will intensify as insurance premiums for cyber coverage continue to climb.
Lessons from the Jaguar Land Rover and Asahi disruptions
The global impact of recent attacks shows how quickly a breach can ripple across production lines. Jaguar Land Rover’s cyberattack in late August shut down systems in the United Kingdom, Slovakia, India, and Brazil. The outage halted vehicle assembly for a month, costing an estimated £120 million in lost profit and £1.7 billion in revenue.
In Japan, brewing group Asahi was forced to stop production at 30 domestic plants after a systems outage. The attack disrupted order processing, shipping, and customer service. These examples demonstrate how modern supply chains, though efficient, remain highly vulnerable.
Both companies had to rebuild network access, audit supplier systems, and communicate openly with partners and customers to maintain trust. Their recovery processes underscored that resilience depends on collaboration across the entire network.
The expansion of digital procurement and connected logistics has widened the threat landscape, making cybersecurity a shared responsibility. Experts recommend that companies map their supplier ecosystems, identify critical nodes, and conduct regular audits. Adopting AI-driven monitoring tools and running incident simulations can help organizations detect and contain attacks early.
Investing in resilience is now a competitive advantage. Companies that can demonstrate robust security practices and transparency are more likely to retain clients and win new contracts. The supply chain of the future will depend as much on digital trust as on operational speed.
For executives, the challenge ahead is to align growth ambitions with security. The lesson from 2025 is clear: the strength of one supplier can determine the stability of an entire industry.