LevelBlue, a leading provider of managed security services, strategic consulting, and threat intelligence, has officially published the results from a new report named LevelBlue Data Accelerator: Software Supply Chain and Cybersecurity.
According to the report, no more than 23% of organizations are confident that they have very high visibility of their software supply chain.
This finding is supported by the 2025 LevelBlue Futures Report, which compared risk appetites, investment gaps, and overall preparedness.
Looking at the latest report in more detail, the study deemed companies to be unnecessarily vulnerable to software supply chain threats. The researchers reached this conclusion after half (49%) of all respondents said they lack the visibility to fully understand, or even identify, the risks.
That lack of transparency has consequences: more than 80% of organizations with very low visibility suffered a security breach in the past 12 months, in stark contrast to just 6% of those with very high visibility.
Beyond that, 80% of organizations with low visibility said they view critical factors such as custom code, commercial off-the-shelf software, and API integrations as very risky or somewhat risky.
A total of 68% of organizations reported that media attention has significantly raised the profile of cybersecurity on the wider C-suite agenda. As a byproduct, more and more organizations are now discovering third-party risk management to be one of their biggest threats.
Even so, only a quarter (25%) of organizations plan to prioritize engaging with software suppliers about security credentials in the next 12 months.
The report also found that 40% of CEOs believe the biggest security risk their organization faces today comes from the software supply chain, compared with 29% of CIOs and 27% of CTOs. Furthermore, 39% of all surveyed CEOs claimed that AI adoption presents a greater risk to the software supply chain.
In North America, the top three risks for organizations were deemed to be third-party software distribution channels (49%), third-party risk management (48%), and unsupported software (48%).
However, 57% of North American organizations said they are prepared for software supply chain attacks, compared to 44% in APAC. In Europe and Latin America, 51% and 50%, respectively, say they are prepared.
The LevelBlue Data Accelerator also shared some actionable measures that organizations can implement to strengthen their security posture.
The first is leveraging C-suite awareness: companies are advised to capitalize on leadership’s understanding of risks to secure budgets for enhanced security measures.
The second is to actively commit to identifying vulnerabilities. Organizations must work internally to pinpoint major vulnerabilities and understand their potential business impact in order to prioritize shorter-term visibility improvements.
Proactive investment is another step toward managing the risk. By continuously investing in cybersecurity measures such as advanced threat detection and response, alongside exposure and vulnerability management technologies, companies can stay prepared for emerging and evolving cyber risks.
Finally, LevelBlue emphasizes the importance of supplier credentials: organizations must request and regularly assess evidence of suppliers’ cybersecurity credentials to build confidence and maintain resilience.
The study’s methodology involved a quantitative survey, conducted by FT Longitude in January 2025, of more than 1,500 C-suite and senior executives from across 16 countries and seven different industries. The industries covered include energy and utilities, financial services, healthcare, manufacturing, retail, transportation, and US SLED (state, local government, and higher education).
“Our Accelerator underscores an immediate need for organizations to prioritize a transparent and secure software supply chain,” said Theresa Lanowitz, Chief Evangelist of LevelBlue. “In an era of increasing AI disruption and evolving threats from nation-states and cybercriminal groups, the ability to withstand and recover from cyberattacks is directly tied to a clear understanding of an organization’s software ecosystem.”