Over 183,000 Customers Were Affected by Supply Chain Cyberattacks in 2024, 33% more than Last Year

Supply chain cyberattacks have become a huge concern for companies and organizations in recent years due to their potential to cause widespread disruption. Although these malicious attacks have significantly dropped since 2019, they still affect hundreds of thousands of customers worldwide, causing substantial financial losses, data breaches, intellectual property theft, and reputational damage.

According to data presented by Stocklytics.com, more than 183,000 customers were affected by supply chain cyberattacks in 2024, or 33% more than last year.

Affected Software Packages Drop, but the number of Supply Chain Cyberattack Victims Jumps by Almost 50,000

Before 2020 and 2021, supply chain attacks might have gone under the radar. But the attacks on Kaseya, SolarWinds, and Codecov, which caused hundreds of millions of dollars worth of damage, have pushed them to the forefront of cybersecurity strategies.

These attacks are designed to cause mass disruption through a single breach, targeting software updates, build processes, and source code by hunting out insecure servers and protocols. Since these updates are released by trusted vendors, the malicious code is out without anyone knowing the vulnerability, leading to a ripple effect that can impact multiple organizations and affect thousands, if not millions, of victims.

Although the number of software packages affected by these malicious attacks has dropped in 2024, the number of affected consumers continues to rise. According to Comparitech data, a total of 590 software packages have been affected by supply chain cyberattacks in 2024, roughly 40 times less than last year. But despite this huge drop, the number of customers affected by these attacks increased by 33%.

In 2024, roughly 183,000 customers were affected by supply chain cyberattacks worldwide, or 50,000 more than last year.  However, this is still a far cry from the annual peak of over 263 million impacted customers reported in 2019.

Over 700 million Affected Customers and 227,000 Software Packages so Far

The Comparitech data also showed that most suppliers were attacked by social engineering, which targeted their open-source and proprietary code. On the other hand, customers were mainly attacked through malware infection and phishing, targeting processes and personal data.

Although the number of affected software packages and the victims of supply chain cyberattacks has dropped significantly since its peak in 2019 and 2021, the aftermath of these attacks is still shocking.

Since 2011, more than 227,000 software packages have been affected by these malicious attacks, causing the total number of victims to jump over 700 million. With modern supply chains being highly complex and interconnected and companies trusting third-party vendors and granting them access to sensitive systems and data, these attacks will continue causing widespread disruption.