Software Supply Chain Attacks Have Increased Financial and Reputational Impacts on Companies Globally, New BlackBerry Research Reveals
BlackBerry (US:BB) Prnewswire · 2024-06-06 10:00

Core Insights
- Over 75 percent of software supply chains experienced cyberattacks in the past year, highlighting significant vulnerabilities in cybersecurity practices [1][4]
- The study indicates that companies are struggling with visibility and monitoring of their software supply chains, which is critical for managing cybersecurity risks [2][3]

Group 1: Cybersecurity Breaches and Recovery
- 51 percent of companies managed to recover from a breach within a week, a slight decrease from 53 percent two years ago, while nearly 40 percent took a month to recover, an increase from 37 percent [2]
- 74 percent of attacks originated from supply chain members that companies were unaware of or not monitoring prior to the breach [2]
- Financial loss (64 percent), data loss (59 percent), reputational damage (58 percent), and operational impact (55 percent) were significant consequences of these breaches [2]

Group 2: Confidence in Supply Chain Security
- 68 percent of respondents said they were "very confident" in suppliers' ability to identify and prevent vulnerabilities, while 63 percent felt the same about compliance practices [3]
- 41 percent of companies conduct quarterly inventories of their supply chain partners for cybersecurity compliance, requesting proof such as a software bill of materials (SBOM) [3]
- Barriers to regular software inventories include lack of technical understanding (51 percent), lack of visibility (46 percent), and lack of effective tools (41 percent) [3]

Group 3: Consumer Communication and Impact
- 78 percent of companies are tracking the impact of cyberattacks, but only 65 percent are informing customers about these incidents [4]
- Concerns about negative impacts on corporate reputation (51 percent) and insufficient staff resources (45 percent) were the main reasons for not informing customers [4]

Group 4: Vulnerable Components and Notification Times
- The most vulnerable components identified were operating systems (27 percent) and web browsers (21 percent) [5]
- Expected notification times for breaches include 34 percent within four hours, 46 percent within 24 hours, and 18 percent within 1-3 days [5]
- 66 percent of respondents believe that suppliers' cybersecurity policies are of comparable strength, while 30 percent think they are stronger [5]