By Prakash Sethuraman, Chief Information Security Officer, CloudBees
With rising security breaches around the world putting pressure on software development organizations, more and more C-suite executives are embracing supply chain security as one of their top business priorities. Today, it’s no longer a matter of whether executives want to secure the supply chain or not, but whether they are doing it successfully.
To gauge the increasing attention to software security, CloudBees conducted an online Global C-Suite Security Survey of 500 C-suite executives from companies across the U.S., U.K., Germany, and France. Although the executives expressed overall confidence in the security of their current software supply chains, the survey also revealed the ongoing challenges they face when dealing with emerging attacks.
Reality Reveals Concern
Among global executives, there is a clear consensus that supply chain security is a greater priority than ever before. According to the survey, 95% of respondents think more about securing their supply chain now than they did just two years ago, and 92% say a security issue would negatively impact their brand. The good news is that most executives are confident their software supply chains are in fact secure. Although responses vary by geography, on average 95% of respondents stated that their software supply chains are either “secure” or “very secure,” and 93% say they are prepared to deal with ransomware or a cyberattack targeting their supply chain.
However, despite the executives’ confident perspective, challenges remain for companies seeking to comprehensively combat supply chain vulnerabilities. For example, although 93% of C-suite executives say they routinely practice dealing with supply chain disruptions in production, only 58% of respondents say they have a clear idea of how their company would respond to a live security breach.
What this points to is a lack of preparation. Out of the 500 C-suite executives in the survey, 45% admit that initiatives to secure their supply chains are only halfway complete or less; 64% say they would not know who to turn to first if their supply chain was attacked; and 64% say it would take more than four days to fix a problem.
Such a lack of preparation can affect other areas of a company, including innovation. According to respondents, if a disruption due to a security issue were to occur, more time would be spent on fixing code and less time on innovation. In fact, 83% of C-suite executives acknowledge that security issues cause their developers to drop everything to review code, and 82% say they are losing time employees could be spending on innovation. Just think about how much extra time companies would be able to spend innovating—rather than fixing issues—if security initiatives were built into the supply chain from the start.
To Security and Beyond
Security in the supply chain can be a huge undertaking. It’s no wonder almost three-quarters of C-suite executives would rather deal with a natural disaster than with a security issue in their software. While there’s certainly a lot to consider when strengthening your supply chain, it can help to think of this process like an infinity loop, where security is baked into development, delivery, and production (and where building, testing, releasing, deploying, operating, monitoring, planning, and coding are also part of the equation). Securing every curve and crossover in this loop ensures your company is fortified against disaster. So if you think your supply chain is secure, this survey is a reminder you might want to check it again.