How a False Sense of Resilience is Exposing Supply Chains to Cyber Threats
A cyberattack shutting down operations is no longer a distant threat—it’s a reality supply chain leaders must grapple with. Yet, many organizations still believe they are resilient, despite mounting evidence to the contrary. While companies invest heavily in securing their networks against external attacks, they often neglect the risks lurking within their own operations.
New research from e2e-assure exposes a stark gap between perception and reality. A staggering 76% of cyber risk owners in manufacturing and supply chain operations believe their organizations are cyber-resilient, yet 77% of employees admit they’ve seen colleagues breach security protocols. If that doesn’t raise a red flag, it should. While businesses are laser-focused on protecting against external threats like ransomware, many are ignoring the vulnerabilities within their own walls.
A Dangerous Disconnect Between Leadership and Reality
Despite an uptick in cyberattacks—82% of risk owners say they’ve been hit, up from 78% last year—most companies still aren’t prioritizing internal defenses. Fewer than a quarter provide cybersecurity training for employees, leaving a gaping hole in their security strategies.
It’s an easy mistake to make. Many supply chain organizations naturally focus on tangible risks—factory shutdowns, raw material shortages, shipping delays. Downtime from a ransomware attack can cost millions, making it tempting to channel cybersecurity efforts toward stopping external threats rather than educating employees on day-to-day cyber hygiene. But here’s the reality: without an informed and engaged workforce, even the most sophisticated security measures can be rendered useless.
Cybersecurity Isn’t Just an IT Problem—But Employees Think It Is
Ask a supply chain professional who owns cybersecurity, and you’ll likely get the wrong answer. Only 6% of employees surveyed believe security is a shared responsibility. More than half (54%) say it’s solely IT’s job—the highest percentage across all industries surveyed. That perception leads to disengagement, with just 36% of workers saying they’re actively engaged in security training. Meanwhile, 76% of risk owners believe their employees are engaged—another clear disconnect.
What does this mean for supply chains? It means employees are treating cybersecurity like an afterthought. They assume IT has it covered, so they don’t think twice before using weak passwords, clicking suspicious links, or accessing sensitive systems from unsecured devices. In an industry where a single attack can halt production, delay shipments, and compromise customer data, that’s a serious problem.
AI’s Rapid Adoption is Outpacing Security Awareness
If cyber risk owners aren’t paying attention to how employees use AI, they should be. Manufacturing and supply chain professionals are leading the pack when it comes to AI adoption—37% use OpenAI tools at least once a week, the highest of any sector surveyed. Yet more than half of employees say they have no idea what their company’s AI policies actually are.
This is where things get messy. AI-powered tools bring incredible efficiencies, but they also create new attack surfaces. Without clear security policies, employees may be unknowingly feeding sensitive company data into unsecured AI platforms, opening the door to potential breaches. If businesses don’t address this knowledge gap soon, AI could become a cybersecurity liability rather than an operational advantage.
Fixing the Cybersecurity Gaps in Supply Chains
The good news? There are clear ways to close these security gaps and make cyber resilience a reality—not just an assumption. The first step is making training relevant and engaging. Employees don’t need generic security modules; they need real-world scenarios that show how a simple mistake—like using the same password across systems—can trigger a costly breach.
Culture also plays a huge role. Security can’t be an afterthought, nor can it be something that only IT worries about. Leadership needs to drive home the message that cybersecurity is a shared responsibility across the supply chain, from procurement to operations to logistics.
Automation is another game-changer. AI-driven threat detection tools can help organizations spot unusual activity before it escalates, reducing the burden on employees while adding an extra layer of security. But technology alone isn’t the solution—companies also need to partner with the right cybersecurity providers who can take a proactive, rather than reactive, approach to security.
Cyber threats aren’t going away. In fact, they’re evolving faster than most organizations can keep up with. The businesses that survive won’t be the ones with the most expensive firewalls or the latest threat intelligence feeds. They’ll be the ones that recognize cybersecurity as an essential part of supply chain resilience—right up there with risk management, cost control, and operational efficiency.