
Software Supply Chain Attacks To Cost The World $60 Billion By 2025

Damages predicted to grow by 15 percent year-over-year through 2031

Steve Morgan, Editor-in-Chief

Sausalito, Calif. – Oct. 3, 2023 

The 2023 Software Supply Chain Attack Report is sponsored by Snyk.

Cybersecurity Ventures predicts that the global annual cost of software supply chain attacks to businesses will reach a staggering $138 billion by 2031, up from $60 billion in 2025, and $46 billion in 2023, based on 15 percent year-over-year growth.

Instead of directly focusing attacks on an end-user target, hackers are compromising weak links in existing software supply chains to wreak havoc, leading to some of the most prominent cybersecurity incidents and data breaches of recent years.

“Managing supply chain risk is still one of the, if not the biggest, problem for CISOs,” says Philip Reitinger, president and CEO of the Global Cyber Alliance, former SVP and CISO at SONY, and former deputy chief, Computer Crime Section, at the U.S. Department of Justice. “It’s the greatest area of unmanaged or hard-to-manage risk.”



Gartner predicts that by 2025, 45 percent of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021.

“In the era of DevOps – fast and continuous development – you simply cannot secure software from the outside,” says Guy Podjarny, founder of Snyk. “Fundamentally, the only way to keep up with the pace of software change is to get developers actually building secure software, and move the security to be where the decision is made.”

While formal interactions between defenders and business leaders are becoming more frequent, according to the World Economic Forum, increased communication and collaboration between developers and security professionals must also become a priority.

Digital transformation, hybrid and remote work, and the escalating threat of cybercrime have forced organizations to rethink how they view security in relation to their software supply chains.


Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.


