{"id":22565,"date":"2025-07-09T08:00:00","date_gmt":"2025-07-09T12:00:00","guid":{"rendered":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/?p=22565"},"modified":"2025-07-09T09:06:16","modified_gmt":"2025-07-09T13:06:16","slug":"levelblue-warns-of-global-readiness-gaps-in-supply-chain-security","status":"publish","type":"post","link":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/security\/levelblue-warns-of-global-readiness-gaps-in-supply-chain-security.html","title":{"rendered":"LevelBlue Warns of Global Readiness Gaps in Supply Chain Security"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"alignright size-full is-resized\"><a href=\"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-content\/uploads\/2025\/06\/image-110.png\"><img loading=\"lazy\" decoding=\"async\" width=\"377\" height=\"721\" src=\"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-content\/uploads\/2025\/06\/image-110.png\" alt=\"\" class=\"wp-image-22566\" style=\"width:262px;height:auto\"\/><\/a><\/figure><\/div>\n\n\n<p><strong>Key Takeaways:<\/strong><\/p>\n\n\n\n<ul>\n<li>80% of organizations with low visibility into their software supply chain experienced a breach in the last year, compared to just 6% of those with high visibility.<\/li>\n\n\n\n<li>CEOs are more concerned than IT executives about software supply chain risks, with 40% citing it as their top cybersecurity threat.<\/li>\n\n\n\n<li>Regional gaps persist: 57% of North American organizations feel prepared for an attack, but only 44% of APAC companies say the same.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>As organizations increasingly rely on third-party software, open-source components, and AI-powered development tools, <a href=\"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-content\/uploads\/2025\/06\/DA-Software-Supply-Chain-Cybersecurity-2.pdf\">LevelBlue\u2019s 2025 Data Accelerator Report<\/a> underscores a critical and growing risk: software supply chain security. The report, highlights major visibility and preparedness gaps that may be contributing to a surge in breaches and escalating concerns among business leaders.<\/p>\n\n\n\n<p>LevelBlue has been making significant progress in helping companies stay secure. We had an exclusive <a href=\"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/security\/with-a-new-name-and-strong-cybersecurity-pedigree-levelblue-targets-mssps-and-msps.html\">interview<\/a> with Chief Evangelist, Theresa Lanowitz and discussed the company&#8217;s spinout from AT&amp;T, Theresa said, \u201cWe\u2019re working with MSSPs, MSPs, and resellers alike. Whether a partner has their own SOC or not, we can help them build or enhance their security offerings. We\u2019re giving them a full toolkit to serve their customers and grow their business.\u201d More recently we had another <a href=\"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/security\/exclusive-interview-with-rakesh-shah-vp-of-product-management-levelblue-formerly-att-cybersecurity.html\">interview<\/a> with Rakesh Shah, VP of Product Management where Rakesh said, \u201cIt\u2019s hard to get separated when you\u2019re so deeply entrenched into a company like AT&amp;T,\u201d said Rakesh Shah. \u201cIt wasn\u2019t just systems\u2014it was culture, devices, processes. But we\u2019ve made huge progress, and now we\u2019re positioned to act faster, support more customers, and innovate at our own pace.\u201d Shah continued, \u201cWe\u2019ve seen it time and again. Whether you\u2019re a target of choice or a target of chance, you\u2019re in the crosshairs,\u201d Shah explained. \u201cThat\u2019s why we\u2019re focused on cyber resilience\u2014helping customers not just prevent attacks, but recover, adapt, and maintain operations when something does get through.\u201d<\/p>\n\n\n\n<p>A week ago we reported the company was <a href=\"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/e-commerce\/levelblue-acquires-trustwave-to-form-1b-cybersecurity-powerhouse.html\">acquiring Trustwave<\/a> to form a billion dollar cybersecurity powerhouse. This company has been extremely active!<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Visibility: A Key Predictor of Breach Risk<\/h3>\n\n\n\n<p>The most striking finding in LevelBlue\u2019s research is the sharp contrast in breach rates based on software supply chain visibility. A staggering 80% of organizations with \u201cvery low visibility\u201d reported a breach in the past 12 months. By contrast, just 6% of companies with \u201cvery high visibility\u201d experienced a breach in the same period.<\/p>\n\n\n\n<p>Despite the increasing urgency of supply chain threats, fewer than a quarter of organizations globally claim to have very high visibility into their software supply chain\u2014a consistent trend across North America, Europe, Latin America, and APAC.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">CEOs Sound the Alarm<\/h3>\n\n\n\n<p>Business leaders are becoming more vocal about the risks. According to the report, 40% of CEOs believe that software supply chain threats represent the most significant cybersecurity risk facing their organization. That concern notably outpaces the perspective of CIOs (29%) and CTOs (27%). CEOs are also more likely to flag AI adoption as a risk amplifier for supply chain vulnerabilities.<\/p>\n\n\n\n<p>\u201cMedia attention around incidents like SolarWinds and Log4j has moved the issue up the executive agenda,\u201d the report notes. Sixty-eight percent of organizations said that news coverage has driven cybersecurity discussions at the C-suite level.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Global Readiness Gaps<\/h3>\n\n\n\n<p>Preparedness varies significantly by region. In North America, 57% of companies say they\u2019re ready for a supply chain attack. In Europe and Latin America, that number hovers just above 50%. In APAC, it falls to 44%\u2014making the region both the least prepared and one of the most concerned about third-party risk management and unsupported software.<\/p>\n\n\n\n<p>Latin American organizations expressed the highest concern about specific software supply chain risks, with 58% citing third-party distribution channels and 56% naming third-party risk management as top threats. APAC organizations, meanwhile, flagged open-source software as especially risky\u2014more so than their peers in other regions.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignleft size-full is-resized\"><a href=\"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-content\/uploads\/2025\/06\/image-111.png\"><img loading=\"lazy\" decoding=\"async\" width=\"387\" height=\"718\" src=\"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-content\/uploads\/2025\/06\/image-111.png\" alt=\"\" class=\"wp-image-22567\" style=\"width:271px;height:auto\"\/><\/a><\/figure><\/div>\n\n\n<h3 class=\"wp-block-heading\">Low Prioritization of Supplier Engagement<\/h3>\n\n\n\n<p>Despite the widespread recognition of third-party risk, only about a quarter of respondents in any region said that engaging with software suppliers about their security credentials is a top priority for the next 12 months. This disconnect could leave organizations exposed to indirect threats and vulnerabilities they can\u2019t easily detect or mitigate.<\/p>\n\n\n\n<p>\u201cProactively engaging with suppliers is a critical way to increase confidence in cybersecurity overall,\u201d the report states. Yet this remains a blind spot for many teams, suggesting that even those who are increasing investments in cybersecurity may not be applying pressure across their full ecosystem.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Regional Investment Trends<\/h3>\n\n\n\n<p>The report shows encouraging momentum in Europe and Latin America, where 67% and 64% of organizations, respectively, are making moderate or significant investments in software supply chain security. North America is slightly behind at 61%, while APAC trails at 54%\u2014despite being the region least confident in its ability to withstand an attack.<\/p>\n\n\n\n<p>This data suggests that perceived preparedness may be leading to a false sense of security in regions like North America, where breach risk remains elevated despite higher self-reported confidence.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Four Actionable Steps<\/h3>\n\n\n\n<p>To help enterprises respond to these findings, LevelBlue outlines four recommended actions:<\/p>\n\n\n\n<ol>\n<li>Leverage C-suite awareness to drive budget and focus toward supply chain transparency.<\/li>\n\n\n\n<li>Identify and prioritize key vulnerabilities within the organization\u2019s supply chain ecosystem.<\/li>\n\n\n\n<li>Invest in advanced cybersecurity measures such as threat detection and vulnerability management.<\/li>\n\n\n\n<li>Regularly assess software suppliers and request documented evidence of their cybersecurity practices.<\/li>\n<\/ol>\n\n\n\n<p>These steps are designed to create a foundation for long-term resilience as enterprises continue to integrate AI, open-source tools, and third-party platforms into their operations.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Conclusion<\/h3>\n\n\n\n<p>The findings from LevelBlue\u2019s 2025 Data Accelerator Report reveal a cybersecurity ecosystem at a turning point. While awareness is rising and some regions are responding with increased investment, major blind spots persist\u2014particularly in supplier oversight and real-time visibility. With attack surfaces growing and adversaries targeting upstream code and distribution channels, organizations may need to reframe software supply chain risk not as an IT issue, but as a business imperative with far-reaching consequences.<\/p>\n\n\n\n<p><strong><mark>Le<em>arn how AI Agents can supercharge your company\u2019s profits and productivity at&nbsp;<a href=\"http:\/\/www.tmcnet.com\/\">TMC\u2019s&nbsp;<\/a><a href=\"https:\/\/www.aiagentevent.com\/\">AI Agent Event<\/a>, Sept 29-30, 2025 in DC.<\/em><\/mark><\/strong><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignright\"><a href=\"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-content\/uploads\/2025\/05\/image-10.png\"><img loading=\"lazy\" decoding=\"async\" width=\"299\" height=\"136\" src=\"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-content\/uploads\/2025\/05\/image-10.png\" alt=\"\" class=\"wp-image-20657\"\/><\/a><\/figure><\/div>\n\n\n<p>If you liked this post, you\u2019ll love one of the the leading global business communications and technology events since 1999, the&nbsp;<a href=\"http:\/\/www.itexpo.com\/\">ITEXPO #TECHSUPERSHOW<\/a>, Feb 10-12, 2026 Fort Lauderdale, Florida.<\/p>\n\n\n\n<p>Don\u2019t forget the collocated&nbsp;<a href=\"http:\/\/www.mspexpo.com\/\">MSP Expo<\/a>&nbsp;\u2013 just for managed service providers!<\/p>\n\n\n\n<p><em>Aside from his role as CEO of&nbsp;<a href=\"http:\/\/www.tmcnet.com\/\">TMC<\/a>&nbsp;and chairman of&nbsp;<a href=\"http:\/\/www.itexpo.com\/\">ITEXPO<\/a>&nbsp;#TECHSUPERSHOW Feb 10-12, 2026,&nbsp;Rich Tehrani is CEO of&nbsp;<a href=\"https:\/\/www.rt-advisors.com\/\">RT Advisors<\/a>&nbsp;and a Registered Representative (investment banker) with and offering securities through&nbsp;<a href=\"https:\/\/www.4pointscapital.com\/\">Four Points Capital Partners LLC&nbsp;<\/a>(Four Points) (Member FINRA\/SIPC). He handles capital\/debt raises as well as M&amp;A. RT Advisors is not owned by Four Points.<\/em><\/p>\n\n\n\n<p>The above is not an endorsement or recommendation to buy\/sell any security or sector mentioned. No companies mentioned above are current or past clients of RT Advisors.<\/p>\n\n\n\n<p>The views and opinions expressed above are those of the participants. While believed to be reliable, the information has not been independently verified for accuracy. Any broad, general statements made herein are provided for context only and should not be construed as exhaustive or universally applicable.<\/p>\n\n\n\n<p><em>Portions of this article may have been developed with the assistance of artificial intelligence, which may have contributed to ideation, content generation, factual review, or editing<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Key Takeaways: As organizations increasingly rely on third-party software, open-source components, and AI-powered development tools, LevelBlue\u2019s 2025 Data Accelerator Report underscores a critical and growing risk: software supply chain security. The report, highlights major visibility and preparedness gaps that may be contributing to a surge in breaches and escalating concerns among business leaders. LevelBlue has<\/p>\n","protected":false},"author":44,"featured_media":22575,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[156],"tags":[],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/22565"}],"collection":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/comments?post=22565"}],"version-history":[{"count":5,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/22565\/revisions"}],"predecessor-version":[{"id":23120,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/22565\/revisions\/23120"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/media\/22575"}],"wp:attachment":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/media?parent=22565"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/categories?post=22565"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/tags?post=22565"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}