BlackBerry Commissioned Research Reveals Four in Five Software Supply Chains Exposed to Cyberattack in the Last 12 Months

October 26, 2022
  • 77% of businesses uncovered hidden participants in their software supply chain that they were not previously aware of
  • 72% call for greater government oversight of open-source software to increase cyber protection

NEW YORK, UNITED STATES – October 26, 2022 – BlackBerry Limited (NYSE: BB; TSX: BB) today revealed new research at the 9th annual BlackBerry Security Summit, exposing the magnitude of software supply chain cybersecurity vulnerabilities in today’s organizations. Four in five (80%) IT decision makers stated that their organization had received notification of attack or vulnerability in its supply chain of software in the last 12 months, with the operating system and web browser creating the biggest impact. Following a software supply chain attack, respondents reported significant operational disruption (59%), data loss (58%) and reputational impact (52%), with nine out of ten organizations (90%) taking up to a month to recover.

The results come at a time of increased U.S. regulatory and legislative interest in addressing software supply chain security vulnerabilities.

The survey of 1,500 IT decision makers and cybersecurity leaders across North America, the United Kingdom and Australia revealed the significant challenge of securing software supply chains against cyberattack, even with rigorous use of recommended measures such as data encryption, Identity Access Management (IAM) and Secure Privileged Access Management (PAM) frameworks. Despite enforcing these measures across partners, more than three-quarters (77%) of respondents had, in the last 12 months, discovered unknown participants within their software supply chain that they were not previously aware of and that they had not been monitoring for adherence to critical security standards.  

“While most have confidence that their software supply chain partners have policies in place of at least comparable strength to their own, it is the lack of granular detail that exposes vulnerabilities for cybercriminals to exploit,” said Christine Gadsby, VP, Product Security at BlackBerry. “Unknown components and a lack of visibility on the software supply chain introduce blind spots containing potential vulnerabilities that can wreak havoc across not just one enterprise, but several, through loss of data and intellectual property and operational downtime, along with financial and reputational impact. How companies monitor and manage cybersecurity in their software supply chain has to rely on more than just trust.”

Results also revealed that while, on average, organizations were found to perform a quarterly inventory of their own software environment, they were prevented from more frequent monitoring by factors including a lack of skills (54%) and visibility (44%). In fact, 71% said they would welcome tools to improve inventory of software libraries within their supply chain and provide greater visibility to software impacted by a vulnerability. Similarly, 72% were in favor of greater governmental oversight of open-source software to make it more secure against cyber threats.

In the event of a breach, 62% of respondents agree that speed of communications is paramount and 63% would prefer a consolidated event management system for contacting internal security stakeholders and external partners. Yet only 19% have this kind of communications system in place. Multiple systems are in place with the remaining 81%, despite only 28% of respondents saying that they need to tailor communications to different stakeholder groups.

For more information on how BlackBerry’s comprehensive, prevention-first, AI-driven cybersecurity solutions can help your business prepare for, prevent, detect and respond to cyber threats, please visit

Notes to editor: Research conducted in October 2022 by Coleman Parkes on behalf of BlackBerry, into 1,500 IT Decision Makers and Cybersecurity professionals across North America (USA and Canada), the United Kingdom and Australia.


About BlackBerry

BlackBerry (NYSE: BB; TSX: BB) provides intelligent security software and services to enterprises and governments around the world.  The company secures more than 500M endpoints including over 215M vehicles.  Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety and data privacy solutions, and is a leader in the areas of endpoint management, endpoint security, encryption, and embedded systems.  BlackBerry’s vision is clear - to secure a connected future you can trust. 

BlackBerry. Intelligent Security. Everywhere.  

For more information, visit and follow @BlackBerry.

Trademarks, including but not limited to BLACKBERRY and EMBLEM Design are the trademarks or registered trademarks of BlackBerry Limited, and the exclusive rights to such trademarks are expressly reserved.  All other trademarks are the property of their respective owners.  BlackBerry is not responsible for any third-party products or services.

Media Contacts:
BlackBerry Media Relations
+1 (519) 597-7273