Cyberattacks on the supply chain cost the industry $53.2 billion in 2025, according to the report ‘Attacks on the supply chain: 2025 analysis and 2026 trends’ prepared by Cipher, the cybersecurity division of the Prosegur Group.
Cyberattacks on the supply chain have been growing in recent years from a base that seemed limited, but with a clear objective of scale that, according to all reports, is now being reached. According to the Prosegur division, they doubled last year and are now among the most costly and complex breaches for organizations to detect and manage.
Cipher’s analysis includes data from reference sources from IBM, Verizon DBIR, Sophos, KELA and Sonatype, and shows that 22.5% of all security breaches recorded in 2025 involved third parties or vendors, twice as much as in 2024. This trend confirms a structural change in the tactics of attackers, who prioritize the indirect compromise of organizations through their technological dependencies, software providers, cloud services and SaaS integrations.
Recent cases in large distribution chains and industrial manufacturers show that these incidents can cause operational interruptions, production stops and million-dollar losses in income and market value.
The report highlights the intensification and diversification of the threat landscape throughout 2025, with especially high ransomware activity, which resulted in 4,701 incidents recorded globally between January and September. Adding to this pressure is the growing use of the open source ecosystem as an attack vector, with 877,522 malicious packages detected in open source repositories, a trend that reflects the interest of malicious actors in exploiting dependencies widely used by organizations.
This context has had a particularly significant impact on the manufacturing sector, where attacks grew by 61% year-on-year, placing it among the most affected areas along with technology, retail and other highly interconnected critical sectors. The report also highlights that organizations take an average of 254 days to detect and contain a breach originating in the supply chain, which amplifies its operational, economic and reputational impact. As David Manzanero Iglesias, head of Cipher’s x63 Unit, explains:
“The digital supply chain has become the new attack perimeter. Adversaries no longer need to directly violate a large company, they just need to compromise one of its technology providers to silently and massively escalate the impact.”
For 2026, Cipher anticipates an intensification of attacks on the supply chain linked to artificial intelligence, digital identities and managed services, as well as an evolution of ransomware towards triple extortion models. In this context, the report recommends strengthening third-party risk management, auditing critical integrations, adopting Zero Trust architectures and drastically reducing detection times through advanced detection and managed response systems.
