High resilience (%) Insufﬁcient resilience (%)40% 20% 80% 60%We involve our security function in the procurement process76% 53% We assess the security maturity of our suppliers74% We share information on threats with partners in our ecosystem (customers, suppliers, partners)53% We simulate cyber incidents and/or plan recovery exercises with our ecosystem partners44% We map our ecosystem in detail to understand where we or our partners are exposed to cyberthreats44% We align our cyber resilience strategy among our ecosystem partners40% 0%48% 31% 16% 23% 26%How does your organization address supply chain cyber risk? (select all that apply)Organizational supply chain risk, by resilience level FIGURE 35 Moreover, highly resilient organizations demonstrate a broader risk perspective, focusing not only on their internal posture but also on external dependencies across their ecosystem. Survey data shows that supply chain exposure ranks as the top cyber risk concern among high-resilience organizations, whereas moderately resilient and insufficiently resilient organizations ranked it only fifth (see Table 5). This suggests that more mature organizations are increasingly recognizing that their resilience depends as much on the strength of their partners as on their own defences.Crisis management Resilient organizations have crisis plans and playbooks in place and regularly conduct ecosystem-wide exercises. According to survey data, 44% of highly resilient organizations simulate cyber incidents with their ecosystem partners, compared to only 16% of insufficiently resilient ones. They are also significantly better prepared for incident response and recovery – only 15% of highly resilient organizations report insufficient planning in this area, versus 37% of less resilient organizations.Ecosystem engagement Highly resilient organizations are more proactive in engaging their entire ecosystem: 53% share cybersecurity information with partners (compared to 31% of insufficiently resilient organizations); 74% assess the security of their suppliers (versus 48%); and 44% map their ecosystem and evaluate partners’ exposure to risk (versus 23%). Global Cybersecurity Outlook 2026 42