New Bitsight TRACE Research Reveals Hidden Cyber Risks In Global Supply Chains

(MENAFN- PR Newswire)

Study Uncovers Risks from Foreign-Linked Providers and Critical Yet Overlooked
Technology Vendors

BOSTON, March 17, 2025 /PRNewswire/ -- Bitsight , the global leader in cyber risk intelligence, today released the Under the Surface: Uncovering Cyber Risk in the Global supply Chai report from its TRACE Security Research Team. The report, based on an analysis of 500,000 organizations, 40,000 products, and 12,000 providers, maps over 61 million digital supply chain relationships. The findings highlight how deeply interconnected businesses are-and how cyber risks in one part of the supply chain can have far-reaching effects.

The U.S. Supply Chain's Reliance on Chinese Military-Linked Companies
Despite growing national security concerns and government restrictions, Chinese military-linked companies remain deeply embedded in the U.S. digital supply chain. These organizations, many of which have been designated by the U.S. Department of Defense as "Chinese Military Companies," continue to provide essential digital infrastructure, exposing U.S. businesses and critical industries to potential cybersecurity threats.

Key findings reveal:

• One-third of the U.S. supply chain relies on software or services from companies formally designated by the Department of Defense as "Chinese Military Companies."
• Two-thirds of the U.S. supply chain depends on companies with at least expected ties to Chinese state-linked entities, raising concerns about potential espionage, data security, and systemic risk.
• ByteDance Group (TikTok's parent company) alone is connected to 35.4% of the U.S. market, demonstrating how even high-profile companies facing potential bans remain widely used.

The continued reliance on these providers underscores the challenge of securing the digital supply chain against foreign government influence. Even with increased scrutiny and regulatory efforts, Chinese state-linked firms maintain a significant foothold in U.S. industries, making it critical for organizations to assess their vendor relationships and mitigate potential risks.

The "Hidden Pillars" that Power Entire Industries
While "big tech" companies dominate supply chain security discussions, smaller specialized software providers can also pose significant risk to sectors and industries. Bitsight research identifies "Hidden Pillars," the lesser-known technology companies that serve large portions-or even the majority-of specific industries.

• Customer Count Does Not Equal Criticality – Some niche providers serve only a handful of companies yet support massive market share in industries like energy, finance, and logistics.
• Tiny Teams, Huge Influence – Some of the most critical software and infrastructure providers operate with fewer than 50 employees, yet their technology is embedded in Fortune 500 companies and global enterprises.
• Industry Concentration Creates Single Points of Failure – Aerospace, utilities, and financial services rely heavily on just a few specialized providers. A security failure at one of these companies could trigger cascading effects within and across industries.

Technology Providers Face Greater Challenges
Organizations that supply digital products and services-known as providers-often face far greater cybersecurity challenges than the businesses they serve. With larger attack surfaces, more complex vendor relationships, and increasing risk exposure, providers must take stronger measures to secure their own ecosystems.

Key findings on providers include:

• Larger Attack Surfaces – Providers use 2.5x more products and have 10x more internet-facing assets than consumers, making them more exposed to cyber threats.
• More Complex Supply Chains – Providers depend on multiple sub-providers, which increases their risk exposure and can make addressing them more complicated.
• More Exposure, Better Controls – While providers outperform consumers in four of six security standards – including DMARC, SPF, DKIM, and DNSSEC – they lag behind in areas such as patch management, open ports, insecure systems, and botnet infections.

"Over the past year, we've seen several highly visible security incidents that highlight how incidents in the digital supply chain can have a massive ripple effect across the global economy," said Ben Edwards, Principal Research Scientist at Bitsight. "Even the most security-conscious companies are vulnerable to weaknesses in their supply chain. Organizations must continuously evaluate their third-party vendors and suppliers and work proactively to close security gaps."

The full report includes more findings on the scale of the digital supply chain, key factors for determining organizational risk, anonymized examples of the software providers with the highest level of risk across the globe, and more.

This analysis is based on Bitsight's proprietary organizational mapping and technology, 4th party relationship data, organizational firmographic data enriched with data from Bitsight's relationship with Moody's, and Bitsight's global security scanning data. The full study can be viewed here .

About Bitsight

Bitsight is the global leader in cyber risk intelligence, helping teams make informed risk decisions with the industry's most extensive external security data and analytics. With 3,300 customers and 65,000 organizations active on its platform, Bitsight delivers real-time visibility into cyber risk and threat exposure-enabling teams to quickly identify vulnerabilities, detect threats, prioritize actions, and mitigate risk across their extended attack surface.

Built on over a decade of market-leading innovation, an unparalleled cyber dataset, and intelligence-driven workflows, Bitsight uncovers security gaps across infrastructure, cloud environments, identities, and third- and fourth-party ecosystems. From security operations and GRC teams to the boardroom, Bitsight provides the unified intelligence backbone organizations need to proactively address exposures before they impact performance.

For more information, visit bitsight , read our blog , or connect with us on LinkedI .

SOURCE Bitsight

WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE? 440k+
Newsrooms &
Influencers 9k+
Digital Media
Outlets 270k+
Journalists
Opted In GET STARTED

MENAFN17032025003732001241ID1109322250