Dive Brief:
- Businesses are expected to incur nearly $46 billion in costs from software supply chain attacks globally this year, according to a study Juniper Research released Thursday.
- Financial losses attributed to software supply chain cyberattacks will jump 76% and cost the global economy almost $81 billion in lost revenue and damages by 2026, the research found.
- Organizations in healthcare, finance, government and automotive are expected to bear the majority of these costs, according to Juniper Research.
Dive Insight:
Absent significant structural changes to software supply chain security management, unsuspecting organizations will continue to fall victim to cyberattacks linked to a piece of software in their environment.
Juniper Research analysts attribute the continued rise in costs to organizations’ insufficient cybersecurity resources, a failure to recognize the value of the data and processes their software interacts with, and a lack of awareness about what a software supply chain threat actually looks like.
The supply chain attack against 3CX in March shows how quickly these attacks can cascade and how many downstream victims they can damage. According to Mandiant, the compromise of 3CX and its build environment began when a 3CX employee downloaded and installed malware-laced X_Trader software from Trading Technologies; the attackers then used that employee's credentials to extend their foothold into 3CX's environment.
Mandiant Consulting CTO Charles Carmakal, at the time, described it as the first multitiered supply chain attack, in which a software supply chain attack on one company led to a software supply chain attack on another company and its product.
The software supply chain attack against X_Trader claimed at least four additional victim organizations, according to the Symantec Threat Hunter Team.
Bolstering the security of software is a core tenet of the White House’s national cybersecurity strategy. Cyber authorities in the White House and the Cybersecurity and Infrastructure Security Agency want to shift responsibility for the security of software, hardware and platforms onto the vendors that develop and sell those products, rather than leaving it with the organizations that deploy them.
Some vendors have pushed back on the secure-by-design and secure-by-default principles outlined in the strategy, Acting National Cyber Director Kemba Walden told journalists during a briefing last month at the RSA Conference.
U.S. officials are still assessing how far they can go in achieving this responsibility shift under existing authority. Most experts acknowledge that congressional legislation will be required, but Walden said a software liability regime is unlikely to emerge from the current Congress.