Cybersecurity supply chain risk management predictions for 2025

DTS CEO and President Edward Tuorinsky shares his cybersecurity prediction for shaping the 2025 business landscape.

Cybersecurity in 2025 is like that party game where you whisper a phrase to the person next to you. One mistake is passed along to others, with funny outcomes. The stakes are higher, and the results are less amusing when data breaches or hacks travel along a supply chain.

2025 Prediction: Cybersecurity supply chain risk management (C-SCRM)

As the new year starts, I believe U.S. businesses will focus heavily on cybersecurity and, specifically, cybersecurity supply chain risk management (C-SCRM).

Assessing and managing the cybersecurity risk of all partners with whom you share data connections is integral to your company’s security posture. Bad actors target easy marks – often small, unprotected companies with connections to larger, more lucrative data.

C-SCRM efforts are getting a big push from the Department of Defense (DoD), which implemented Cybersecurity Maturity Model Certification (CMMC) requirements for its 200,000+ contractors.

Though there are more than 33 million businesses in the U.S., as the DoD’s mandates trickle down, thousands of subcontractors, vendors, and suppliers to these companies will need proof of their security compliance, too. And those companies will need to attest to the security of their supply chains. The result is that millions of U.S. businesses will need to meet cybersecurity standards – and provide others with proof of their compliance.

Companies with established or specialized supply chains have often been hesitant to sever ties with partners or suppliers due to cybersecurity concerns. However, I believe we will see a shift in this attitude this year.

The potential risks associated with cybersecurity are a strong motivator for change, and thoroughly vetting your supply chain is one of the most cost-effective measures companies can take to enhance their cybersecurity. While defending against cyber threats is a constant battle, supply chain security strengthens the entire ecosystem.

Increasingly, companies are viewing cybersecurity as a business problem, not just a technical one. Every business process and outside connection is scrutinized for risks. Using a zero-trust approach, which assumes all users, devices, and connections are untrustworthy until verified, companies will need to ask their partners, suppliers, and vendors for proof that they have controls in place and are following cybersecurity policies and procedures. Vetting requires
System Security Plans and third-party certifications like ISO, SOC, or CMMC.

I expect we’ll hear of some very public breakups when companies don’t have the documentation or aren’t up to standards.

Look for cybersecurity to be a major topic this year in the technology sector and beyond. Increasingly, security impacts every U.S. business, down to the smallest mom-and-pop shops that take electronic payments or have websites. As compliance requirements for federal contractors move down the line to other U.S. businesses, supply chain risk mitigation also be passed along, like that game of telephone. Securing your supply chain now isn’t more than a risk-mitigating move; it’s the next step forward in a digital world.