Integrative research means our extensive company research informs every thesis and perspective. The result is deep industry knowledge, expertise, and trend insights that yield valuable results for our partners and clients.

About the Author:
Howard Smith
Managing Director
Howard Smith is a managing director (office of the president) specializing in research and investment in software-as-a-service (SaaS) businesses and other business models based on information technology, particularly internet of things, cybersecurity, and internet infrastructure. He also built the firm’s historical research franchises in call centers and computer telephony. He is a thought leader in his sectors, having authored numerous widely read white papers. He uses his industry knowledge and expansive network to uncover promising investment opportunities and help companies navigate their strategic paths and accelerate growth. His work has been cited for excellence by the Wall Street Journal and other publications. Prior to joining First Analysis in 1994, he was a senior tax consultant with Arthur Andersen & Co. He earned an MBA from the University of Chicago and a bachelor’s degree in accounting from the University of Illinois at Urbana-Champaign. He is a certified public accountant.
First Analysis Cybersecurity Team
Howard Smith
Managing Director
Matthew Nicklin
Managing Director
First Analysis Quarterly Insights
Business of managing supply chain risks more critical than ever
June 23, 2020
  • Securing supply chains against cyberattacks and similar disruptions whose effects are magnified by the interconnectedness of modern infrastructure is a challenge that has been gaining priority for many years. Recent developments such as trade wars, the COVID-19 pandemic, global human rights protests and increasingly sophisticated state-sponsored cyberattacks have further heightened awareness of the critical need to understand and address supply-chain vulnerabilities.
  • Given the complexity and expansiveness of modern supply chains, this is a daunting and potentially expensive undertaking. In response, a number of companies are building innovative solutions to make this process more efficient and effective. We highlight several such companies.
  • Regulation is becoming an increasingly prominent driver of the impetus to assess and manage third-party risk, representing a tailwind for these solution providers.
  • We believe this confluence of forces, along with the inherently ever-evolving nature of risk, will make third-party risk management a large and fast-growing opportunity area for many years to come.


Includes discussion of CYBR, QLYS and 12 private companies

Increased regulation also contributing to heightened vendor focus

Large and long-lived opportunity for third-party risk management

Cybersecurity index surges from its COVID-19 low, eclipses S&P 500, NASDAQ

Cybersecurity M&A momentum slows in 2Q

Cybersecurity private placements in line, average deal size close to two-year mean


Events over the past year have highlighted the need for entities to focus on their supply chains to understand which elements are critical and to ensure they can function through challenging situations. Recent examples of such events include trade wars that prompted new tariffs and trade restrictions, the COVID-19 pandemic with its myriad supply chain and other economic disruptions, protests related to the killing of George Floyd that have restricted transport and other movement in urban centers, and ongoing and increasingly sophisticated state-sponsored cyberattacks.

These events have occurred against a longer-term backdrop of computers having become essential components of most critical systems in all industries as well as a general move of IT infrastructures to cloud based architectures and reliance on cloud-based applications. We believe the convergence of these developments has created a tipping point for third-party risk management to become a central focus for all participants across the supply chain. We expect all types of vendor risk to see increased scrutiny, including analysis of geographic, financial, and reputational risk. But due to the reliance on increasingly interconnected computing systems and networks as well bad actors’ ability and strategy to attack infrastructure through connected third parties, third-party cyberattacks are on the rise.

To access the full report, please provide your contact information in the form below. A First Analysis representative will follow up with you shortly. Thanks for your interest in First Analysis research.
First Name required!
Last Name required!
Email required!
Industry required!
Unfortunately, your request to access the complete report has failed.

Please check the contact information you have entered.

If the form submission failure persists, please contact Person at (xxx) xxx-xxxx to handle your request. Thank you.
©2024 by First Analysis Corporation.
One South Wacker Drive
Suite 3900
Chicago, IL 60606