The growing complexity of supply chains and the limited control organizations have over them has become a primary concern for executives, emerging as the top cyber risk from an ecosystem perspective. This year, 54% of large organizations highlight supply chain challenges as the greatest barrier to achieving cyber resilience. By comparison, third-party risk management does not feature among the top five concerns for smaller organizations.The complexity of supply chain interdependencies The main organizational challenges to cyber resilience TABLE 1 Most of these concerns, according to the GCO survey, are centred on software vulnerabilities introduced by third parties or vendors and cyberattacks, such as malware distribution, that exploit weaknesses in the supply chain. Following the US Executive Order 14028: Improving the Nation’s Cybersecurity, which put a strong emphasis on software bill of materials (SBOM),38 other standards and regulations such as Payment Card Industry Data Security Standard (PCI DSS) and the EU’s Cyber Resilience Act introduce SBOM-related requirements in order to allow organizations to better understand, manage and secure their applications.39Small organizations Medium organizations Large organizations 01 Complex and evolving threat landscape01 Complex and evolving threat landscape01 Third-party risk management 02 Skills shortage02 Third-party risk management02 Complex and evolving threat landscape 03 Lack of incident response preparedness03 Complexity of environments (e.g. IT, OT, IoT)03 Complexity of environments (e.g. IT, OT, IoT) Global Cybersecurity Outlook 2025 24