LevelBlue Warns of Global Readiness Gaps in Supply Chain Security

Key Takeaways:

  • 80% of organizations with low visibility into their software supply chain experienced a breach in the last year, compared to just 6% of those with high visibility.
  • CEOs are more concerned than IT executives about software supply chain risks, with 40% citing it as their top cybersecurity threat.
  • Regional gaps persist: 57% of North American organizations feel prepared for an attack, but only 44% of APAC companies say the same.

As organizations increasingly rely on third-party software, open-source components, and AI-powered development tools, LevelBlue’s 2025 Data Accelerator Report underscores a critical and growing risk: software supply chain security. The report, highlights major visibility and preparedness gaps that may be contributing to a surge in breaches and escalating concerns among business leaders.

LevelBlue has been making significant progress in helping companies stay secure. We had an exclusive interview with Chief Evangelist, Theresa Lanowitz and discussed the company’s spinout from AT&T, Theresa said, “We’re working with MSSPs, MSPs, and resellers alike. Whether a partner has their own SOC or not, we can help them build or enhance their security offerings. We’re giving them a full toolkit to serve their customers and grow their business.” More recently we had another interview with Rakesh Shah, VP of Product Management where Rakesh said, “It’s hard to get separated when you’re so deeply entrenched into a company like AT&T,” said Rakesh Shah. “It wasn’t just systems—it was culture, devices, processes. But we’ve made huge progress, and now we’re positioned to act faster, support more customers, and innovate at our own pace.” Shah continued, “We’ve seen it time and again. Whether you’re a target of choice or a target of chance, you’re in the crosshairs,” Shah explained. “That’s why we’re focused on cyber resilience—helping customers not just prevent attacks, but recover, adapt, and maintain operations when something does get through.”

A week ago we reported the company was acquiring Trustwave to form a billion dollar cybersecurity powerhouse. This company has been extremely active!

Visibility: A Key Predictor of Breach Risk

The most striking finding in LevelBlue’s research is the sharp contrast in breach rates based on software supply chain visibility. A staggering 80% of organizations with “very low visibility” reported a breach in the past 12 months. By contrast, just 6% of companies with “very high visibility” experienced a breach in the same period.

Despite the increasing urgency of supply chain threats, fewer than a quarter of organizations globally claim to have very high visibility into their software supply chain—a consistent trend across North America, Europe, Latin America, and APAC.

CEOs Sound the Alarm

Business leaders are becoming more vocal about the risks. According to the report, 40% of CEOs believe that software supply chain threats represent the most significant cybersecurity risk facing their organization. That concern notably outpaces the perspective of CIOs (29%) and CTOs (27%). CEOs are also more likely to flag AI adoption as a risk amplifier for supply chain vulnerabilities.

“Media attention around incidents like SolarWinds and Log4j has moved the issue up the executive agenda,” the report notes. Sixty-eight percent of organizations said that news coverage has driven cybersecurity discussions at the C-suite level.

Global Readiness Gaps

Preparedness varies significantly by region. In North America, 57% of companies say they’re ready for a supply chain attack. In Europe and Latin America, that number hovers just above 50%. In APAC, it falls to 44%—making the region both the least prepared and one of the most concerned about third-party risk management and unsupported software.

Latin American organizations expressed the highest concern about specific software supply chain risks, with 58% citing third-party distribution channels and 56% naming third-party risk management as top threats. APAC organizations, meanwhile, flagged open-source software as especially risky—more so than their peers in other regions.

Low Prioritization of Supplier Engagement

Despite the widespread recognition of third-party risk, only about a quarter of respondents in any region said that engaging with software suppliers about their security credentials is a top priority for the next 12 months. This disconnect could leave organizations exposed to indirect threats and vulnerabilities they can’t easily detect or mitigate.

“Proactively engaging with suppliers is a critical way to increase confidence in cybersecurity overall,” the report states. Yet this remains a blind spot for many teams, suggesting that even those who are increasing investments in cybersecurity may not be applying pressure across their full ecosystem.

Regional Investment Trends

The report shows encouraging momentum in Europe and Latin America, where 67% and 64% of organizations, respectively, are making moderate or significant investments in software supply chain security. North America is slightly behind at 61%, while APAC trails at 54%—despite being the region least confident in its ability to withstand an attack.

This data suggests that perceived preparedness may be leading to a false sense of security in regions like North America, where breach risk remains elevated despite higher self-reported confidence.

Four Actionable Steps

To help enterprises respond to these findings, LevelBlue outlines four recommended actions:

  1. Leverage C-suite awareness to drive budget and focus toward supply chain transparency.
  2. Identify and prioritize key vulnerabilities within the organization’s supply chain ecosystem.
  3. Invest in advanced cybersecurity measures such as threat detection and vulnerability management.
  4. Regularly assess software suppliers and request documented evidence of their cybersecurity practices.

These steps are designed to create a foundation for long-term resilience as enterprises continue to integrate AI, open-source tools, and third-party platforms into their operations.

Conclusion

The findings from LevelBlue’s 2025 Data Accelerator Report reveal a cybersecurity ecosystem at a turning point. While awareness is rising and some regions are responding with increased investment, major blind spots persist—particularly in supplier oversight and real-time visibility. With attack surfaces growing and adversaries targeting upstream code and distribution channels, organizations may need to reframe software supply chain risk not as an IT issue, but as a business imperative with far-reaching consequences.

Learn how AI Agents can supercharge your company’s profits and productivity at TMC’s AI Agent Event, Sept 29-30, 2025 in DC.

If you liked this post, you’ll love one of the the leading global business communications and technology events since 1999, the ITEXPO #TECHSUPERSHOW, Feb 10-12, 2026 Fort Lauderdale, Florida.

Don’t forget the collocated MSP Expo – just for managed service providers!

Aside from his role as CEO of TMC and chairman of ITEXPO #TECHSUPERSHOW Feb 10-12, 2026, Rich Tehrani is CEO of RT Advisors and a Registered Representative (investment banker) with and offering securities through Four Points Capital Partners LLC (Four Points) (Member FINRA/SIPC). He handles capital/debt raises as well as M&A. RT Advisors is not owned by Four Points.

The above is not an endorsement or recommendation to buy/sell any security or sector mentioned. No companies mentioned above are current or past clients of RT Advisors.

The views and opinions expressed above are those of the participants. While believed to be reliable, the information has not been independently verified for accuracy. Any broad, general statements made herein are provided for context only and should not be construed as exhaustive or universally applicable.

Portions of this article may have been developed with the assistance of artificial intelligence, which may have contributed to ideation, content generation, factual review, or editing


 

Loading
Share via
Copy link
Powered by Social Snap