Close
Press September 25, 2025

SecurityScorecard Research Highlights Cyber Risks in Indian Supply Chains, Underscoring Global Interdependence

NEW YORK – September 25, 2025 – SecurityScorecard today released new research revealing that Indian companies essential to global supply chains across manufacturing, IT services, pharmaceuticals and critical infrastructure face elevated cyber risk from third-party breaches. The study, Third-Party Cyber Risks to Global Supply Chains: An Assessment of Key Indian Suppliers, found that 52.6% of Indian vendors experienced at least one third-party breach in the past year, reflecting challenges faced by supplier ecosystems worldwide.

“India is a cornerstone of the global digital economy,” said Ryan Sherstobitoff, Field Chief Threat Intelligence Officer at SecurityScorecard. “Our findings highlight both strong performance and areas where resilience must improve. Supply chain security is now an operational requirement, and SecurityScorecard is providing the visibility and intelligence to help organizations strengthen that resilience together across industries and borders.”

Key Findings

  • 52.6% of Indian suppliers suffered a third-party breach; 10.7% publicly reported one.
  • 26.7% of companies scored an “F” cybersecurity rating, the largest share seen in any dataset to date, while 25.3% scored an “A,” showing a highly polarized risk landscape.
  • IT services and aerospace sectors had the highest average scores, demonstrating leadership, though IT providers also accounted for 62% of all third-party breaches, reflecting their role as gateways to global clients.
  • Pharmaceuticals and medical devices represented 42.1% of publicly reported breaches and 38.5% of ransomware incidents, raising concerns for international healthcare supply chains.
  • Semiconductor, electronics and automotive sectors showed elevated credential compromise, typosquatting and malware infections.
  • Network security challenges, mismanaged certificates and poor patching, were the most common contributors to low ratings.

India in Global Context
The mean and median security scores for Indian companies (73 and 75) are slightly below the global average of 81. Like other supplier nations, India’s results highlight both areas of excellence and opportunities for improvement.

“This research is part of our ongoing global benchmarking,” Sherstobitoff added. “Every region has its strengths and vulnerabilities. India’s role in powering critical industries makes visibility and collaboration even more important.”

SecurityScorecard Recommendations
To strengthen resilience, SecurityScorecard recommends organizations:

  1. Continuously monitor third- and fourth-party ecosystems for emerging threats.
  2. Prioritize certificate management and patching, which were the most common areas of weakness.
  3. Pay close attention to IT and managed service providers, which are among the highest-risk vendor categories globally.
  4. Leverage cybersecurity ratings to inform procurement, vendor oversight and ongoing risk management.

About the Report

The full study, Third-Party Cyber Risks to Global Supply Chains: An Assessment of Key Indian Suppliers, is available from SecurityScorecard.

About SecurityScorecard
SecurityScorecard created Supply Chain Detection and Response (SCDR), transforming how organizations defend against the fastest-growing threat vector – supply chain attacks. Our industry-leading security ratings serve as the foundation and core strength, while SCDR continuously monitors third-party risks using our factor-based ratings, automated assessments and proprietary threat intelligence, to resolve threats before they become breaches. MAX enables response and remediation capability, working through our service partners to protect the entire supply chain ecosystem while strengthening operational resilience, enhancing third-party risk management, and mitigating concentrated risk.

Trusted by over 3,000 organizations – including two-thirds of the Fortune 100 – and recognized as a trusted resource by the U.S. Cybersecurity & Infrastructure Security Agency (CISA). Backed by Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, NGP, Intel Capital, and Riverwood Capital, SecurityScorecard delivers end-to-end supply chain cybersecurity that safeguards business continuity.

Learn more at securityscorecard.com or follow us on LinkedIn.

Media Contact
 Charles Simon
 Senior Global PR Manager
 [email protected]