A new global study commissioned by Kaspersky indicates that supply chain attacks have become the most frequently experienced cyberthreat globally over the past year, with companies in the Asia Pacific (APAC) region also ranking them among their top concerns.
Globally, nearly one in three companies (31%) reported being impacted by a supply chain threat in the last 12 months.
Source: Global Cybersecurity Outlook 2026, World Economic Forum
The risk exposure in APAC is particularly pronounced in certain markets. China recorded the highest incidence in the region, with two-fifths of businesses experiencing a supply chain attack—9% higher than the global average. This is followed by Vietnam (34%), India (29%), Singapore (26%), and Indonesia (20%).
The World Economic Forum has previously noted that 65% of large enterprises cite third-party and supply chain vulnerabilities as their primary barrier to cyber resilience.
The threat is disproportionately focused on the most connected organisations. Large enterprises reported the highest attack rate at 36%, compared to smaller counterparts. These large firms manage an average of around 100 software and hardware suppliers, creating a vast potential attack surface.
Furthermore, these organisations grant system access to an average of over 130 contractors, which facilitates another significant risk: trusted relationship attacks.
Trusted relationship attacks, where threat actors exploit legitimate connections between organisations, affected a quarter (25%) of companies globally over the past year. Singapore was notably the most targeted market in APAC for these attacks, with one in three organisations experiencing such an incident.
Despite their prevalence, the perceived danger of these threats does not align with their frequency. Globally, only 9% of businesses ranked supply chain attacks as their top concern, while just 8% cited trusted relationship attacks as their most dangerous threat, suggesting a dangerous underestimation of the operational impact.
Commenting on the evolving risk environment, Kaspersky's head of security operations, Sergey Soldatov, says: “As organisations grow more interconnected, their exposure to attacks grows with them. Protecting the modern enterprise now demands an ecosystem-wide approach that strengthens not just individual systems, but the entire network of relationships that keeps business operating.”
Kaspersky recommends that organisations mitigate these risks by thoroughly evaluating suppliers, implementing contractual security requirements, adopting Zero Trust principles, and developing incident response plans specifically covering supply chain breaches.
