News

How trade policies are expanding supply chain cyber risks

Steve Durbin
Published 15 - May - 2025
Read the full article on World Economic Forum
world economic forumriskemerging threatssupply chainpeople
  • 73% of organizations report trade uncertainties as their number one business challenge.
  • Trade uncertainties amplify cyber risks and the occurrence of supply chain cyber incidents is increasing.
  • Businesses need to fortify their cyber resilience against such disruptions and potential attacks.

Tariffs—even the threat of escalating tariffs—can induce volatile demand and supply, negatively affecting supply chains and triggering disruptions in trade. They force organizations to reevaluate their trade relationships, consider reshoring, nearshoring, friendshoring or hiring new suppliers.

These choices can unwittingly introduce new vulnerabilities beyond costs and logistical issues. In the National Association of Manufacturers’ Q1 2025 outlook survey, nearly three out of four (73%) of organizations reported trade uncertainties, such as tariffs and negotiations, as their number one business challenge.

Tariffs and supply chains

Tariffs directly affect raw material costs, forcing organizations to reassess their procurement strategies. Speed- and cost-optimized supply routes may become nonviable overnight. Redirecting through lower-tariffed geographies creates longer transit times and logistics expenses, driving up overheads.

To avoid overdependence on one region or supplier, organizations hastily onboard new, untested suppliers while bypassing adequate security screening. A dispersed supply chain with diverse and less secure suppliers is more vulnerable to disruptions and threats. Additionally, extending supply chains to new suppliers or logistics providers creates more entry points for attackers, raising the specter of breaches.

Some organizations turn to domestic suppliers to avoid import costs. Although this may simplify logistics, it creates a reliance on fewer vendors. This raises uncertainty about whether suppliers experience a security issue or are unable to meet demand, resulting in a single point of failure.

Another risk stems from the unpredictability surrounding global trade, prompting companies to reconsider long-term investments. Rather than expanding the existing infrastructure to accommodate new business opportunities, organizations redirect funds towards emergency purchasing and sourcing adjustments. Critical system and security upgrades are deferred, leaving unpatched security gaps.

Cybersecurity challenges in a trade war

The confluence of trade disruptions and cybersecurity threats is increasingly apparent. Here are some critical cybersecurity challenges driven by tariff changes:

Exploiting third-party vulnerabilities: In their haste to meet tariff deadlines, organizations might not subject new vendors to the same level of scrutiny as traditional partners. Tier 2 vendors pushed into key positions to fulfill higher production needs may lack proper security measures, becoming weak links in the supply chain. Adversaries may strategically target smaller, less secure suppliers to gain access to larger, more secure organizations. Additionally, the absence of specialized security teams or incident response mechanisms within these reconfigured supplier networks can slow recovery times, leading to production delays and financial losses.

Increase in digital fraud: At least 301 tariff-related malicious domain registrations were identified in Q1 2025, coinciding with new US tariff releases. This confirms that threat actors capitalize on the confusion and ambiguity of the tariff releases to spearhead a barrage of fraud campaigns. Bad actors are employing generative AI tools to commit invoice fraud, attacking small and mid-sized businesses. Here, victims receive tailored invoices (allegedly from a supplier they use) referencing new import costs that have changed while the goods were in transit.

Geopolitical tensions: Regions impacted by tariffs are seeking alternative strategies to retaliate, creating geopolitical tensions that manifest as nation-state cyber espionage. The cyberattack on US telecoms known as Salt Typhoon (and its related hacks) is an example of cyber-spying against the US stemming from increased trade tensions, particularly in response to tariffs and economic sanctions.

Compliance risks: Shifting operations to new jurisdictions creates compliance risks, as firms must adjust to foreign regulatory environments that can be radically different from domestic ones. Global data privacy legislation imposes varying encryption, storage and access control requirements, causing organizations to wrestle with coordinating their cybersecurity policies.

Cyber resilience in international supply chains

Here’s how organizations can develop cyber resilience in supply chains:

Deploy a zero-trust policy: Block unauthorized access from compromised vendors by implementing a zero-trust model that continuously authenticates all third-party vendors before they can access core systems. This is particularly useful in preventing insider threats and breached credentials.

Enforce strong access controls: Minimize the supply chain attack surface by enforcing least privilege access that limits vendor access to only necessary systems and data. Isolate supply chain networks to prevent lateral movement of threats through micro-segmentation of networks.

Implement real-time threat intelligence: Organizations must leverage AI-driven predictive analytics and threat intelligence feeds to identify indicators of breaches in supplier networks before they escalate into major breaches. Deploy AI-driven threat detection to flag anomalies in real time and proactively investigate suspicious supplier activities.

Train supply chain partners: Most cyberattacks target untrained staff in supplier networks. Cybersecurity awareness training can minimize human-induced security threats in supply chains. Phishing awareness programmes using simulated attack scenarios can train suppliers to recognize fake emails and malicious links.

Develop robust incident response plans: Minimize downtime after an incident with automated recovery systems that auto-redirect workloads to backup infrastructure for expedited remediation. Conduct simulation training exercises to confirm and enhance resilience to conditions such as vendor breaches and system compromise.

The global trade environment has been transformed by the application of renewed tariff policies. Notably, these policies intersect with cybersecurity, as an ever-growing number of global companies are being affected by cyber incidents at partner organizations. The occurrence of supply chain cyber incidents is increasing, and so is the magnitude of their effects. To sustain operations in such volatile trade conditions, global supply chains need cyber resilience, centered on rapid response and recovery efforts, ensuring the continuity of the supply chain even amid cyberattacks.

Where next?

View all news articles
Array
research

Securing the Supply Chain During Periods of Instability

As global pressure on supply chains increase significantly, explore five proactive and actionable steps towards stabilisation.

Read more on Securing the Supply Chain During Periods of Instability
Array

Build cyber resilience across your supply chain

Rise to the supplier risk challenge with a risk-based approach to your end-to-end supplier management lifecycle.

Read more on Build cyber resilience across your supply chain
Array
service

Supply Chain Management Assessment

Gain an up-to-date picture of information risk in your supply chain to reduce risk from external suppliers and improve cyber resilience.

GET IN TOUCH on Supply Chain Management Assessment
How trade policies are expanding supply chain cyber risks
Read the full article on World Economic Forum