Cyber Frights for Black Friday: What Retailers Need to Know About Supply Chain Cyber Risks


As the holiday season approaches, retailers are facing a perfect storm: container imports totaling 2.5 million TEUs (a 1.6% increase from August 2024 and a 17.6% rise over August 2019), an estimated shortfall of more than 80,000 truck drivers, unpredictable delays, and higher costs from recent tariffs. On top of that, there has been a recent surge in supply chain cyberattacks, which have reportedly doubled since April 2025 as attackers increasingly target third-party vendors.

To help businesses navigate this dual challenge, Eric Schmitt (CIPP/US/E, CISSP-ISSMP, GSLC, CRISC), Global Chief Information Security Officer at Sedgwick, offers insight into how cyber threats are compounded by global supply chain challenges and what retailers can do to protect themselves. Key areas of focus include:

  • Understanding what constitutes a “weak link” in supply chain cybersecurity
  • Integrating cyber risk into broader operational and enterprise risk strategies
  • Immediate steps businesses can take to strengthen supply chain security and minimize disruptions

Eric’s insights provide a practical roadmap for retailers looking to safeguard their operations during the critical holiday season.


With retailers already under pressure from shipping delays, driver shortages, and tariffs, how does the surge in supply chain cyberattacks further complicate the holiday season for retailers?

Supply chain cyberattacks add a layer of significant unpredictability and risk to an already difficult process. These attacks can disrupt inventory systems, delay shipments, and compromise customer data, which would undermine consumer trust at the worst possible time. Retailers must continue to closely manage physical logistics, but now they also have to ensure digital resilience across their vendor ecosystem. Given the long lead time for holiday season ordering, any disruption will have far-reaching echo effects on the process.

Supply chain attacks have reportedly doubled since April 2025. What factors are driving this sudden increase in targeting third-party vendors?

Several factors are converging. First, attackers are increasingly strategic – they know that third-party suppliers often have weaker defenses and privileged access to larger networks. The 2013 breach of Target through an HVAC vendor is a perfect example of this. Second, the rapid digitization of supply chains has expanded the attack surface. Third, geopolitical tensions and economic instability are fueling state-sponsored and financially motivated attacks – particularly against retailers who are politically or socially active. Lastly, many vendors are still catching up on basic cyber hygiene, making them attractive targets.

The phrase “a weak link in the supply chain” is often used in cybersecurity discussions. How do you define a weak link in this context, and how can organizations identify theirs?

A weak link is any entity that lacks the necessary cybersecurity controls to prevent, detect, or respond to threats, or that does not have the cyber resiliency capabilities to quickly recover from an attack. Organizations can identify these vulnerabilities through comprehensive third-party risk assessments, continuous monitoring, and by mapping data flows and access privileges across their supply chain. A number of third-party risk assessment services exist to help quickly benchmark many vendors; examples include BitSight and SecurityScorecard. These services review the selected vendors and provide a benchmark and risk rating based on publicly available data.

Many businesses still view cyber risk separately from operational risk. Why is it critical to integrate these, and what does that integration look like in practice?

Cyber risk is operational risk. A ransomware attack can halt production, disrupt logistics, and damage customer relationships just as quickly as any other production stoppage – often with greater long-term impacts. Recognizing this fact means embedding cybersecurity into enterprise risk management frameworks, aligning cyber metrics with business KPIs, and ensuring cross-functional collaboration between IT, legal, procurement, risk management, and operations. It also involves scenario planning and tabletop exercises that simulate both cyber and operational disruptions and include key stakeholders from all appropriate disciplines. A cybersecurity or cyber risk team cannot operate in a vacuum if they want to successfully protect their company.

How can companies assess the cyber maturity of their suppliers and partners, particularly smaller vendors that may lack robust security programs?

Start with a tiered, risk-based approach. High-impact vendors should undergo rigorous assessments, including security questionnaires, audits, and penetration tests, at initial onboarding and then regularly thereafter. Lower-impact vendors should undergo appropriate assessments based upon the risk to the organization, with commensurate follow-up. For smaller vendors, focus on essentials: do they have endpoint protection, ransomware-protected backup protocols, and incident response plans? Partner with key vendors and encourage adoption of industry standards like NIST CSF or ISO 27001, and consider offering support or shared services to uplift their security posture. For critical suppliers, this is definitely a case of better together.

What are some immediate, practical steps companies can take to strengthen supply chain security before peak season activity?

1. Review and update third-party risk assessments.

2. Ensure multi-factor authentication is enforced across vendor access points and anything externally or internet-exposed.

3. Segment networks to limit blast radius of potential breaches.

4. Establish clear incident response protocols with key suppliers.

5. Monitor for anomalous activity in real-time, especially around critical systems.
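Steps 2, 3 and 5 above (MFA on every vendor access point, limiting blast radius, and real-time monitoring of critical systems) in working form, as an added example that is not part of the interview and not Sedgwick's tooling: a Python check that runs vendor-account access events against a per-vendor access policy and flags logins without MFA, sources outside the vendor's allow-listed ranges, access to hosts outside the vendor's permitted segment, and access outside the agreed maintenance window. The vendor names, IP ranges (RFC 5737 documentation addresses), hostnames and the JSON-lines log format are all assumptions constructed for the example.

```python
"""Detect risky third-party (vendor) access in authentication/access logs.

Added example (not from the interview). Each event at a vendor VPN or jump
host is checked against the vendor's access policy: MFA on every externally
exposed entry point, source IP inside the vendor's allow-listed ranges,
target host inside the vendor's allowed segment, and time inside the agreed
maintenance window. Vendor names, ranges, hostnames and log lines below are
constructed for the example.
"""
import ipaddress
import json
from datetime import datetime, timezone

# Hypothetical per-vendor access policy (in practice this would come from the
# third-party risk register or the PAM system).
VENDOR_POLICY = {
    "hvac-vendor": {
        "source_cidrs": ["203.0.113.0/24"],            # vendor's support egress
        "allowed_hosts": {"bms-01.example.internal"},  # building-management host only
        "window_utc": (8, 18),                         # 08:00-18:00 UTC
    },
    "wms-integrator": {
        "source_cidrs": ["198.51.100.0/24"],
        "allowed_hosts": {"wms-api.example.internal"},
        "window_utc": (0, 24),                         # 24x7 support contract
    },
}

# Constructed JSON-lines log: one record per vendor login/access event.
SAMPLE_LOG = """\
{"ts":"2025-11-20T09:12:00Z","user":"hvac-vendor","src":"203.0.113.17","dst":"bms-01.example.internal","mfa":true}
{"ts":"2025-11-20T23:41:00Z","user":"hvac-vendor","src":"203.0.113.17","dst":"bms-01.example.internal","mfa":true}
{"ts":"2025-11-21T10:05:00Z","user":"hvac-vendor","src":"203.0.113.40","dst":"pos-db-02.example.internal","mfa":true}
{"ts":"2025-11-21T10:30:00Z","user":"wms-integrator","src":"198.51.100.9","dst":"wms-api.example.internal","mfa":false}
{"ts":"2025-11-21T11:00:00Z","user":"wms-integrator","src":"192.0.2.77","dst":"wms-api.example.internal","mfa":true}
{"ts":"2025-11-21T11:30:00Z","user":"unknown-contractor","src":"192.0.2.5","dst":"wms-api.example.internal","mfa":true}
"""


def check_event(event, policy=VENDOR_POLICY):
    """Return a list of finding strings for one parsed event (empty list = clean)."""
    findings = []
    user = event["user"]
    vendor = policy.get(user)
    if vendor is None:
        # An account nobody registered is itself the finding: unknown third party.
        return [f"{user}: account not in vendor register"]
    if not event.get("mfa", False):
        findings.append(f"{user}: login without MFA from {event['src']}")
    src = ipaddress.ip_address(event["src"])
    if not any(src in ipaddress.ip_network(c) for c in vendor["source_cidrs"]):
        findings.append(f"{user}: source {event['src']} outside allow-listed ranges")
    if event["dst"] not in vendor["allowed_hosts"]:
        # Segmentation/least-privilege violation: vendor touched a host it should not reach.
        findings.append(f"{user}: reached {event['dst']} outside allowed segment")
    ts = datetime.fromisoformat(event["ts"].replace("Z", "+00:00")).astimezone(timezone.utc)
    start, end = vendor["window_utc"]
    if not (start <= ts.hour < end):
        findings.append(f"{user}: access at {ts:%H:%M} UTC outside maintenance window")
    return findings


def scan_log(text, policy=VENDOR_POLICY):
    """Parse JSON-lines log text and return all findings, in log order."""
    findings = []
    for line in text.splitlines():
        if line.strip():
            findings.extend(check_event(json.loads(line), policy))
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print("ALERT", finding)
```

Running the block prints five alerts for the six constructed events: one out-of-hours login, one vendor reaching a POS database outside its segment, one login without MFA, one login from an unregistered range, and one account that is not in the vendor register. In production the same checks would run on the SIEM's normalized VPN or PAM events rather than an inline string, and the policy would be generated from the third-party risk register so that onboarding a vendor and monitoring it share one source of truth.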

From your perspective at Sedgwick, how do you see the intersection between risk management and cybersecurity evolving as supply chains become more digitized and interconnected?

At Sedgwick, we view cybersecurity as a key element of enterprise risk management. The lines between cyber, operational, legal, and reputational risk are quickly eroding and we’re investing in integrated risk platforms, cross-functional governance models, and deep partnerships within peer teams that allow us to respond holistically to emerging threats. The goal is defense and resilience, not just recovery.

How do geopolitical tensions and new tariffs influence cyber risk exposure for global supply chains?

Geopolitical tensions often manifest in cyber operations, whether through espionage, sabotage, or economic disruption. Tariffs can force companies to pivot suppliers or regions, introducing new, unvetted partners into the supply chain – typically in a tight timeline that reduces the opportunity for deep due diligence. This transition period is ripe for exploitation. Organizations must hold firm on conducting proper due diligence, monitor geopolitical developments, and maintain flexible, secure supply chain architectures.

In an environment where disruptions are increasingly interdependent—cyber, operational, and logistical—how can organizations build resilience across all layers of their supply chain?

Resilience requires visibility, agility, and collaboration. Companies should:

  • Map their entire supply chain, including fourth-party relationships if necessary.
  • Invest in real-time monitoring and threat intelligence sharing.
  • Develop contingency plans and diversify suppliers.
  • Foster a culture of security across all partners.
  • Leverage automation and AI to detect and respond to threats faster.
  • Partner closely with critical suppliers to ensure that they are aligned with your cybersecurity or cyber resilience expectations.
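The first item in the list above, mapping the supply chain down to fourth parties, as an added worked example that is not part of the interview: a Python walk over a constructed vendor register in which each vendor declares what data or systems it touches and which sub-processors it uses. The walk reports every party reachable from the retailer, how many hops away it is (1 = third party, 2 = fourth party, and so on), and which data classes can reach it. The vendor names, data classes and relationships are all assumptions, as is the modelling rule that data a vendor handles can flow on to that vendor's own sub-processors.

```python
"""Map transitive (fourth-party and deeper) supplier exposure.

Added example, not from the interview. Starting from the vendors the retailer
contracts with directly, walks each vendor's declared sub-processors and
records, for every party reached, its minimum depth and the data classes
that can reach it. Assumption: data a vendor handles can flow to that
vendor's sub-processors unless the register says otherwise. All names and
relationships below are constructed.
"""
from collections import deque

# Constructed register: entity -> data/systems it touches directly, and the
# sub-processors it uses. The retailer is the root of the graph.
SUPPLY_CHAIN = {
    "retailer":         {"touches": set(),             "uses": ["pos-saas", "wms-integrator", "hvac-vendor"]},
    "pos-saas":         {"touches": {"payment"},       "uses": ["cloud-host-a", "analytics-x"]},
    "wms-integrator":   {"touches": {"inventory"},     "uses": ["cloud-host-a"]},
    "hvac-vendor":      {"touches": {"building-ot"},   "uses": ["remote-support-y"]},
    "cloud-host-a":     {"touches": set(),             "uses": []},
    "analytics-x":      {"touches": {"customer-pii"},  "uses": ["cloud-host-b"]},
    "cloud-host-b":     {"touches": set(),             "uses": []},
    "remote-support-y": {"touches": set(),             "uses": []},
}


def exposure_map(chain, root="retailer"):
    """Return {entity: (min_depth, data_classes)} for every party reachable from root.

    depth 1 = third party, 2 = fourth party, ... ; data_classes is everything the
    entity touches itself plus everything inherited from vendors upstream of it.
    Breadth-first, so the first visit of a node is at its minimum depth; a node
    is re-expanded only when a later path brings it a data class it did not
    already have, which also guarantees termination on cyclic registers.
    """
    result = {}
    queue = deque([(root, 0, frozenset())])
    while queue:
        name, depth, inherited = queue.popleft()
        node = chain[name]
        exposure = inherited | node["touches"]
        if name in result:
            prev_depth, prev_exposure = result[name]
            result[name] = (min(prev_depth, depth), prev_exposure | exposure)
            if exposure <= prev_exposure:
                continue  # nothing new to push further down the chain
        else:
            result[name] = (depth, exposure)
        for sub in node["uses"]:
            queue.append((sub, depth + 1, frozenset(exposure)))
    result.pop(root, None)  # the retailer itself is not a supplier
    return result


def parties_in_path(chain, data_class, root="retailer"):
    """Sorted [(entity, depth)] for every party that the given data class can reach."""
    exposure = exposure_map(chain, root)
    return sorted((name, depth) for name, (depth, classes) in exposure.items()
                  if data_class in classes)


if __name__ == "__main__":
    for entity, (depth, classes) in sorted(exposure_map(SUPPLY_CHAIN).items()):
        print(f"{entity:18s} hop {depth}  {sorted(classes)}")
    print("payment data can reach:", parties_in_path(SUPPLY_CHAIN, "payment"))
```

With the constructed register, payment data reaches four parties, only one of which (pos-saas) the retailer actually contracts with; the two hosting providers and the analytics vendor are fourth and fifth parties that a questionnaire sent only to direct vendors would never see. The same walk answers the tariff-driven question from earlier in the interview: when a supplier is swapped, re-run it and diff the output to see which new downstream parties now sit in the path of sensitive data.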

Looking ahead to 2026, what trends or emerging technologies do you expect will most influence how companies manage cyber and operational risks in their global supply chains?

Third-party risk management will become even more critical, with a heavy emphasis on automated threat detection and response, robust cyber resiliency with ransomware-protected backups, and well-segmented OT networks as threat actors continue to evolve their attacks.

