Industry forecasts put the global cost of software supply chain attacks at $60 billion by 2025, rising to $138 billion by 2031.
The projected financial loss is alarming, but the trend behind it is more concerning. Attackers are no longer limited to compromising individual packages; they are moving upstream into build pipelines, package registries, model sources, and automation systems. Compromising those stages lets malicious code arrive through trusted channels, sidestepping the controls that DevSecOps, AppSec, and other security leaders typically rely on.
Gartner anticipates that nearly 45 percent of organizations will have experienced at least one software supply chain incident by the end of 2025.
A recent article published by Ox Security examines why the past year marked a pivotal shift in software supply chain risk. It advises teams on the steps needed to regain control over their software lifecycle before these upstream weaknesses become downstream incidents.