A new global survey of C-level executives released by CloudBees, an enterprise software delivery company, has revealed high confidence levels in software supply chain security but a limited understanding of the essential components that make a software supply chain secure. The survey also revealed that among nearly all companies, supply chain security is a higher priority than just two years ago.
According to the CloudBees’ Global C-suite Security Survey, executives overwhelmingly claimed their software supply chains are secure (95%) or very secure (55%) and 93% said they were prepared to deal with an issue such as ransomware or a cyberattack on their supply chain.
However, when asked additional questions about the security of their supply chains, the responses uncovered vulnerabilities. More than two in five (45%) executives admitted that initiatives to secure their software supply chains were halfway complete or less and 64% said they were not sure who they would turn to first if their supply chain was attacked.
“It’s critical that software supply chains operate in the most secure and compliant manner possible. These findings show that while leaders are confident on the surface, they are also aware of security and planning gaps that could expose companies to significant business disruption, regulator and customer concerns and negative brand impact,” said Prakash Sethuraman, Chief Information Security Officer, CloudBees. “For a software supply chain to be secure, it must be continuously verified throughout the entire life cycle in real-time – from committing all the way through to production.”
The survey also revealed that many companies are not prepared to respond quickly when an attack or breach happens. Among executive respondents, 64% said it would take more than four days to fix the problem if they did experience an issue. For a Fortune 500 company, this could result in the loss of millions in revenue and create significant reputational harm.
As companies rely even more heavily on software to drive mission-critical business needs, trends show an increasing number of attacks pushing this issue to be top of mind in boardrooms. Almost all C-level executives (95%) said they think more about securing the supply chain now than they did just two years ago, and 92% said a security issue would impact their brand.
The results of the survey of 500 C-suite leaders in the United States, United Kingdom, Germany and France reflect a growing concern over the security of the world’s delivery and distribution of software.