Shortage of Cybersecurity Talent

In the modern, hyper-connected corporate landscape, a company is only as secure as the least protected vendor in its network. A comprehensive new global study from Kaspersky has pulled back the curtain on this growing vulnerability, revealing that supply chain and “trusted relationship” breaches have matured into a top-tier threat. With one-third of all organizations globally suffering a successful hit through their partners in the last year, the digital “front door” is no longer the only entry point hackers are using to dismantle enterprise security.

The crisis is particularly acute in the Middle East, where a severe shortage of qualified IT security talent has left 44% of organizations struggling to keep pace with the evolving threat landscape. This human capital gap is compounded by a logistical one, as 42% of regional businesses report being forced to juggle too many competing cybersecurity priorities. When security teams are stretched thin, they naturally gravitate toward immediate, internal “firefighting,” often leaving the slow-moving, silent risks buried within their provider ecosystems entirely unaddressed.

Consider the divergent paths of two theoretical entities: “Global Logistics Corp” and “Tech-Forward Manufacturing.” Global Logistics, operating with a lean team and no formal third-party vetting process, recently signed a contract with a small billing software provider. Because the contract lacked specific security obligations and the internal team was too busy to conduct a penetration test, a vulnerability in the billing software allowed attackers to pivot directly into Global Logistics’ financial database. Conversely, Tech-Forward Manufacturing, having survived a similar scare years prior, now treats every vendor as a potential risk. They mandate compliance with industry standards and review contractor supply chain policies before a single byte of data is shared. The study shows this “experience effect” is a global trend, as victims of past breaches are significantly more likely to demand rigorous proof of security, such as penetration test results or standardized audit reports, from their partners.

The data suggests that most businesses remain in a state of dangerous optimism. While 83% of organizations admit their current protections against supply chain risks are inadequate, only a tiny fraction have moved toward a unified defense. Currently, even basic measures like two-factor authentication or regular contractor reviews are practiced by fewer than 41% of companies. This lack of ongoing visibility means that nearly two-thirds of the business world is essentially operating in the dark regarding the security health of their partners.

Sergey Soldatov, Head of the Security Operations Center at Kaspersky, suggests that the only way to break this cycle of exposure is to transform supply chain security from a technical footnote into a shared, enforceable business responsibility. This involves a strategic shift toward managed security services for those lacking internal resources, constant upskilling of existing staff to recognize sophisticated third-party maneuvers, and the integration of strict security protocols directly into the legal fabric of vendor contracts. By treating every partnership as a strategic security alliance rather than a simple transaction, organizations can finally begin to close the gaps that silent threats have been exploiting for years.