While supply chain vulnerabilities are worrying both business and cyber executives, Global Cybersecurity Outlook survey data shows that among a variety of concerns, CISOs tend to be more worried about the integrity of their external dependencies than CEOs. Among cyber risks, supply chain vulnerabilities have ranked as the second-most concerning issue for CISOs for two consecutive years. CISOs are deeply attuned to the technological interdependencies that have evolved as organizations adopt new systems to support both operations and resilience, making them more sensitive to potential disruptions in business continuity. The top supply chain risks in 2026 Organizations often lack direct control over the security practices of third-party vendors and suppliers. The Global Cybersecurity Outlook survey shows that inheritance risk – the inability to assure the integrity of third-party software, hardware and services – is the top supply chain risk, followed by visibility. Even when strong internal controls are in place, the weakest link is frequently a supplier or partner with lower cybersecurity maturity. This is especially acute with smaller suppliers, who may lack the resources or incentives to implement robust security measures. Supply chain risks differ across industries. Overall, limited visibility emerges as the primary risk across industry clusters – especially for energy; financial services; manufacturing, supply chain and transportation; and materials and infrastructure – followed by inheritance risk. Ranking of top supply chain cyber risk TABLE 6 Rank What do you see as the main supply chain cyber risk for your organization? 1 Inheritance risk: Unable to assure integrity of third-party software, hardware and services 2 Visibility: Lack of visibility into extended supply chain 3 Concentration risk: Too great dependence on critical third-party suppliers 4 Procurement risk: Unable to apply security controls to third-party suppliers 5 External factors: Uncertainty of impact of external factors Top supply chain risk, by industry TABLE 7 Industry Top supply chain risk Second supply chain risk Energy Visibility: Lack of visibility into extended supply chainInheritance risk: Unable to assure integrity of third-party software, hardware and services Financial services Visibility: Lack of visibility into extended supply chainConcentration risk: Too great dependence on critical third-party suppliers Health and consumerInheritance risk: Unable to assure integrity of third-party software, hardware and servicesVisibility: Lack of visibility into extended supply chain ICT and mediaInheritance risk: Unable to assure integrity of third-party software, hardware and servicesVisibility: Lack of visibility into extended supply chain Manufacturing, supply chain and transportationVisibility: Lack of visibility into extended supply chainConcentration risk: Too great dependence on critical third-party suppliers Materials and infrastructureVisibility: Lack of visibility into extended supply chainConcentration risk: Too great dependence on critical third-party suppliers Professional services and institutionalInheritance risk: Unable to assure integrity of third-party software, hardware and servicesVisibility: Lack of visibility into extended supply chain Global Cybersecurity Outlook 2026 46