Quarterly insights: Cybersecurity
Business of managing supply chain risks more critical than ever

Securing supply chains against cyberattacks and similar disruptions whose effects are magnified by the interconnectedness of modern infrastructure is a challenge that has been gaining priority for many years. Recent developments such as trade wars, the COVID-19 pandemic, global human rights protests and increasingly sophisticated state-sponsored cyberattacks have further heightened awareness of the critical need to understand and address supply-chain vulnerabilities.
Given the complexity and expansiveness of modern supply chains, this is a daunting and potentially expensive undertaking. In response, a number of companies are building innovative solutions to make this process more efficient and effective. We highlight several such companies.
Regulation is becoming an increasingly prominent driver of the impetus to assess and manage third-party risk, representing a tailwind for these solution providers.
We believe this confluence of forces, along with the inherently ever-evolving nature of risk, will make third-party risk management a large and fast-growing opportunity area for many years to come.
TABLE OF CONTENTS
Includes discussion of CYBR, QLYS and 12 private companies
- Increased regulation also contributing to heightened vendor focus
- Large and long-lived opportunity for third-party risk management
- Cybersecurity index surges from its COVID-19 low, eclipses S&P 500, NASDAQ
- Cybersecurity M&A momentum slows in 2Q
- Cybersecurity private placements in line, average deal size close to two-year mean
INTRODUCTION
Events over the past year have highlighted the need for entities to focus on their supply chains to understand which elements are critical and to ensure they can function through challenging situations. Recent examples of such events include trade wars that prompted new tariffs and trade restrictions, the COVID-19 pandemic with its myriad supply chain and other economic disruptions, protests related to the killing of George Floyd that have restricted transport and other movement in urban centers, and ongoing and increasingly sophisticated state-sponsored cyberattacks.
These events have occurred against a longer-term backdrop of computers having become essential components of most critical systems in all industries as well as a general move of IT infrastructures to cloud based architectures and reliance on cloud-based applications. We believe the convergence of these developments has created a tipping point for third-party risk management to become a central focus for all participants across the supply chain. We expect all types of vendor risk to see increased scrutiny, including analysis of geographic, financial, and reputational risk. But due to the reliance on increasingly interconnected computing systems and networks as well bad actors’ ability and strategy to attack infrastructure through connected third parties, third-party cyberattacks are on the rise.

Request full report
To access the full report, please provide your contact information in the form below. Thank you for your interest in First Analysis research.