The report, Securing the Supply Chain, surveyed 1,300 senior IT decision-makers and IT security professionals around the world and across most major industry sectors.
Its conclusion was startling: while 80 percent of respondents saw software supply chain attacks as a significant challenge for their organisations, few were prepared to mitigate the risks.
The survey found that two-thirds of the surveyed organisations had experienced a software supply chain attack in the past year. Of concern was the fact that over 70 percent said they believed their organisation was failing to hold external suppliers to high security standards.
In fact, only 37 percent of respondents in the US, UK and Singapore said their organisation had actually vetted all suppliers, new or existing, in the past 12 months, and only a quarter believe with certainty that their organisation will increase its supply chain resilience in the future.
Most companies said that they had incurred a financial cost as a result of experiencing a software supply chain attack, with the average cost per attack topping $1.1m - it's an expensive threat!
Despite the report's findings, more organisations are becoming concerned about vetting their suppliers and partners, and 90 percent said that security was a critical factor when making purchasing decisions with new suppliers.
Those figures suggest that software supply chain attacks are being taken increasingly seriously, in no small part due to the financial costs of such attacks.
In the face of this growing threat, companies will need a coordinated, efficient and agile defence.