5 Reasons Your Supply Chain Cybersecurity Is Still Insufficient – Part 2

Katherine Barrios, CMO at Xeneta

Yesterday’s article introduced the first driver behind supply‑chain cyber risk. Today we explore the remaining four—each illustrating why many businesses remain under‑prepared.

Cyber Threats Are Perpetually Mobile

According to a recent PricewaterhouseCoopers report on U.S. cybercrime, attackers now employ highly targeted, hard‑to‑detect tactics. This is especially true for supply‑chain actors, who routinely navigate around traditional security measures.

High‑profile incidents like WannaCry, which compromised 230,000 computers across 150 countries, and Petya, which knocked out critical systems at Maersk Line, Merck, WPP, Mondelez, and DLA Piper, underscore the speed and scale of modern ransomware.

When a logistics giant like Maersk is disrupted, the ripple effect spreads through shipping fleets, container inventories, and the entire network of suppliers, causing immediate and far‑reaching operational losses.

Scope of Potential Disruption

Supply‑chain management sustains essential human needs—food, water, medicine. Any interruption can lead to societal breakdown. For example, Petya forced workers at Chernobyl to manually monitor radiation, while residents of Kyiv lost ATM access.

Recent ransomware attacks on the Heritage Valley Health System temporarily shut down lab and imaging services, though operations were restored promptly.

Maersk’s system outage also delayed exports and imports, prompting the company to waive demurrage and detention charges. This incident highlights the economic fallout that can ripple through global trade.

Cyber Complexity Exceeds Physical Boundaries

Harvard Business Review’s Michael Daniel explains that cyberspace lacks the fixed borders of the physical world. Consequently, traditional security concepts—like a federal border—no longer apply. Every network node is effectively at a border, demanding shared responsibility between governments and private entities.

In practice, this means that organizations must invest continuously to keep pace with evolving threats, as well as navigate emerging legal and policy frontiers.

Why Investment Is Often Skewed

Executive underinvestment in cybersecurity stems partly from behavioral economics: the cost of preventing a breach often seems abstract compared to the perceived likelihood of an attack. Global spending on cyber protection is projected to surpass $1 trillion between 2017 and 2021, yet many firms struggle to match that pace.

Emerging solutions—blockchain, pooled threat‑intelligence, smart sensors, and enhanced training—offer promising avenues to strengthen defenses and reduce fear.

The author of this blog is Katherine Barrios, chief marketing officer at Xeneta.