Cybercrime in the supply chain – What companies need to know now

01

Cybercrime has long been a supply chain issue

Cyberattacks no longer only affect the IT department. They directly interfere with operational processes and jeopardize the stability of entire supply chains. With increasing digital networking, close integration of external partners, and global networks, the attack surface is growing. A single hacker attack can paralyze production planning, delay deliveries, and cause lasting damage to customer relationships.
The message is clear: cybersecurity has long been a decisive competitive factor in the supply chain.

02

Threat situation

The figures speak for themselves: Between 2021 and 2023, supply chain attacks more than quadrupled.[1] Industry is particularly affected, as its closely interlinked value creation networks are an ideal target for cybercriminals.

New legal requirements such as the EU NIS2 Directive raise the bar further: in the future, companies will also be liable for cyber vulnerabilities of their suppliers.[2]

The scale of the threat can be summarized in three key figures:

  • +300% supply chain attacks in just three years [1]
  • >80% of companies have already been affected by third parties [3]
  • Only 25% systematically assess risks in their supply chain [4]

This makes it clear that cybercrime has long been a widespread risk that many companies still underestimate.

03

Real-world examples

Two prominent cases show that cyberattacks have real and massive consequences:

  • Maersk (2017): A ransomware attack paralyzed global logistics for weeks. The damage: over $200 million.[5]
  • Colonial Pipeline (2021): A cyberattack caused fuel shortages in the US, resulting in panic buying at gas stations.[6]

These examples show that cybercrime is not an isolated IT problem but strikes at the heart of the supply chain. When logistics networks come to a halt or critical infrastructure such as energy supplies fails, production plans are disrupted, material flows are interrupted, and entire value chains grind to a halt. Cyberattacks therefore endanger not only data but also directly threaten the delivery capabilities and production security of companies.

04

What this has to do with supply chain strategy

The key question is: How can cyber risks be actively integrated into supply chain strategy? Three levers are crucial:

One plan
When cyber risks are included in integrated planning from the outset, companies can respond more quickly and in a more targeted manner. Scenarios can be systematically played out, such as the question of how the supply chain remains stable if a transport service provider fails due to a cyberattack.

Segmentation
Since not all suppliers are equally important or equally risky, companies should evaluate their partners in a differentiated manner. Critical suppliers must be prioritized so that targeted security measures can be implemented and resources can be used efficiently.

Inventory & Network
Companies should consciously secure critical inventories to avoid supply gaps in an emergency. Network simulations help to place these inventories optimally. At the same time, it is crucial to regularly review the network structure: unilateral dependencies such as single sourcing increase risk, while alternatives such as dual sourcing or nearshoring strengthen resilience.

05

Recommended actions

The following steps are key to systematically strengthening cyber resilience in the supply chain:

  • Regularly and automatically check third parties
  • Segment and classify supplier risks
  • Integrate cyber risks into the One Plan
  • Maintain targeted security buffers for critical parts
  • Review governance structures (clear roles, responsibilities, escalation paths)
  • Sensitize and train employees – awareness is a key component
  • Use secure communication platforms instead of unprotected emails

In addition, cybercrime risks should be measured regularly in the Sales and Operations Planning (S&OP) process and reviewed as a KPI. This transforms cybersecurity from an IT problem into an integral part of supply chain management.

Figure 1: Recommendations on strategic, tactical and operational level (of the supply chain)

06

Conclusion

Cybercrime is a strategic supply chain risk with real economic consequences. Companies that manage to embed cyber resilience as part of their supply chain strategy not only secure their data, but also their delivery capabilities and reputation.

The consulting approach is clear: integrate, prioritize, secure – instead of just reacting.

Companies that establish cyber risks as an integral part of their supply chain planning not only gain security, but also a decisive competitive advantage.


Sources:
[1] Cyberint, 2024: The Weak Link: Recent Supply Chain Attacks Examined [Accessed: 28 September 2025].
[2] Die Presse, 2025: Haftung für Cyberrisiken [Accessed: 28 September 2025].
[3] BlueVoyant, 2024: New Report from BlueVoyant Shows Progress in Third-Party Cyber Risk Management, But Breaches Persist [Accessed: 28 September 2025].
[4] Next Education Group, 2024: Has the Focus on Supply Chain Resilience Waned? [Accessed: 28 September 2025].
[5] Wired, 2018: The Untold Story of NotPetya, the Most Devastating Cyberattack in History [Accessed: 28 September 2025].
[6] Forbes, 2021: Colonial Pipeline Restarts Operations After Hack, But Fuel Shortages Will Linger [Accessed: 28 September 2025].

07

Further insights

For more information on optimizing your supply chain planning, please take a look at our Insights.

Check now how well your supply chain is protected against cyberattacks—and make cyber resilience an integral part of your strategy. Contact us at office@tenglerconsulting.com or connect with us on LinkedIn.

Arne Siebott