New Bitsight TRACE research reveals hidden cyber threats in global supply chains, particularly from foreign-linked providers and overlooked technology vendors. The report finds that one-third of the U.S. supply chain depends on software or services from companies designated as ‘Chinese Military Companies’ by the U.S. Department of Defense, raising concerns over espionage and data security. Despite growing restrictions, Chinese state-linked firms remain deeply embedded in U.S. digital infrastructure, posing a significant cybersecurity risk.
The study highlights ‘Hidden Pillars’—small specialized providers with large market shares in critical industries like energy, finance, and logistics. These providers, sometimes with fewer than 50 employees, support major companies, and a security failure could trigger widespread effects across sectors.
Providers face greater cybersecurity challenges than the businesses they serve due to larger attack surfaces, more complex vendor relationships, and higher risk exposure. Bitsight’s research also found that large providers, especially those with significant market share, often have vulnerabilities that persist for prolonged periods, making them prime targets for cyber threats.
Bitsight stresses the importance of continuously evaluating third-party vendors and securing the digital supply chain to prevent potential cascading effects on industries worldwide.