LevelBlue Research Reveals Urgent Need for Software Supply Chain Transparency

80% of organizations that report very low visibility across the software supply chain have suffered a security breach in the past 12 months

LevelBlue, a leading provider of managed security services, strategic consulting, and threat intelligence, today released the LevelBlue Data Accelerator: Software Supply Chain and Cybersecurity, which found only 23% of organizations are confident that they have very high visibility of their software supply chain. The limited visibility reported by organizations significantly impacts their cyber resilience, revealing the lack of transparency as a critical and often overlooked risk facing global organizations.

This Accelerator is an in-depth analysis of data from the 2025 LevelBlue Futures Report, comparing risk appetites, investment gaps, and overall preparedness to help organizations secure their end-to-end software supplier ecosystem. It shows software supply chain security as a growing business concern in 2025. This is due partly to regional regulatory framework demands and partly to an attack surface that is expanding in response to artificial intelligence (AI) adoption and the integration of complex third-party ecosystems.

Research shows that companies are unnecessarily vulnerable to software supply chain threats, with about half (49%) saying they lack the visibility to fully understand – or even identify – the risks. This lack of transparency causes 80% of organizations with "very low visibility" to have suffered a security breach in the past 12 months, a stark contrast to just 6% of those with "very high visibility." Additionally, 80% of organizations with low visibility view critical factors like custom code, commercial off-the-shelf software, and API integrations as "very risky" or "somewhat risky."

"Our Accelerator underscores an immediate need for organizations to prioritize a transparent and secure software supply chain," said Theresa Lanowitz, Chief Evangelist of LevelBlue. "In an era of increasing AI disruption and evolving threats from nation-states and cybercriminal groups, the ability to withstand and recover from cyberattacks is directly tied to a clear understanding of an organization's software ecosystem."

A total of 68% of organizations report that media attention has elevated cybersecurity on the C-suite agenda, with organizations indicating that third-party risk management is one of the biggest threats they face. Despite this, only a quarter (25%) of organizations plan to prioritize engaging with software suppliers about security credentials in the next 12 months.

Additional key findings include:

  • 40% of CEOs believe that the biggest security risk the organization faces today is from the software supply chain, compared with 29% of CIOs and 27% of CTOs.
  • 39% of CEOs say AI adoption presents a greater risk to the software supply chain.
  • In North America, the top three risks for organizations are third-party software distribution channels (49%), third-party risk management (48%), and unsupported software (48%).
  • 57% of North American organizations say they are prepared for software supply chain attacks, compared to 44% in APAC. In Europe and Latin America, 51% and 50% say they are prepared, respectively.
  • 67% of European organizations are investing in enhanced software supply chain security, the highest of all regions.
  • While software supply chain investment is highest in Europe, the region ranks lowest at 23% in prioritizing engaging with software suppliers about security credentials.

The LevelBlue Data Accelerator provides actionable insights for organizations striving to secure their software supply chain. This includes taking the following four steps:

  1. Leverage C-suite Awareness: Capitalize on leadership's understanding of risks to secure budgets for enhanced security measures.
  2. Identify Vulnerabilities: Work internally to pinpoint major vulnerabilities and understand their potential business impact to prioritize shorter-term visibility improvements.
  3. Proactive Investment: Continuously invest in cybersecurity measures such as advanced threat detection and response alongside exposure and vulnerability management technologies to stay prepared for emerging and evolving cyber risks.
  4. Demand Supplier Credentials: Request and regularly assess evidence of suppliers’ cybersecurity credentials to build confidence and maintain organizational resilience.

Dive further into the LevelBlue Data Accelerator: Software Supply Chain and Cybersecurity here. This study follows the release of the 2025 LevelBlue Futures Report which can be found here.

For more information on LevelBlue and its managed security, consulting, and threat intelligence services, please visit www.levelblue.com

Methodology

The research is based on a quantitative survey that was carried out by FT Longitude in January 2025. There were a total of 1,500 C-suite and senior executives surveyed across 16 countries and seven industries: energy and utilities, financial services, healthcare, manufacturing, retail, transportation, and US SLED (state, local government, and higher education).

About LevelBlue

We simplify cybersecurity through award-winning managed services, experienced strategic consulting, threat intelligence, and renowned research. Our team is a seamless extension of yours, providing transparency and visibility into security posture and continuously working to strengthen it.

We harness security data from numerous sources and enrich it with artificial intelligence to deliver real-time threat intelligence. This enables more accurate and precise decision making. With a large, always-on global presence, LevelBlue sets the standard for cybersecurity today and tomorrow. We easily and effectively manage risks so you can focus on your business.

Welcome to LevelBlue. Cybersecurity. Simplified. Learn more at www.levelblue.com.
