Key Takeaways
- 27% of organizations reported using third-party providers that are not actively monitored in 2023, increasing IT supply chain risk exposure (from vendors, integrators, and managed service providers).
- 25% of organizations do not maintain centralized asset inventories for IT/OT devices (inventory/control gap).
- 55% of organizations cite a lack of visibility into vendors/subcontractors as a primary challenge in managing third-party risk in 2023 (visibility gap).
- USD 13.0 million average cost of a data breach in 2023 reported globally (resource allocation affects vendor and supply chain security investments).
- USD 9.2 million average time-weighted compliance cost for regulated organizations to implement security requirements for third parties (reported in a 2023 compliance cost assessment).
- 53% of software supply chain practitioners reported that SBOM adoption is increasing, with 31% already using SBOMs in production in 2024 survey results.
- 3.9% year-over-year increase in global IT services revenue in 2024, reflecting demand for outsourcing/integration amid supply chain change.
- 16% of organizations said they have fully implemented digital product passports to improve traceability for products in circulation (traceability in supply chains).
- USD 204.7 billion is forecast global spending on cloud security in 2024 (driving vendor demand for secure supply chain controls).
- USD 68.4 billion global spend on application security testing tools is forecast for 2024, supporting secure development and supplier assurance practices.
- 19% of IT spending is estimated to be for cybersecurity and risk management activities (share of IT budgets supporting supply chain security).
- 36% of organizations have deployed automated vulnerability management in CI/CD pipelines in 2024 (improves supply chain remediation speed).
- 39% of organizations require a security incident response plan from vendors, indicating formalization of IT vendor security obligations in 2023 surveys.
- 33% of organizations report using continuous vendor monitoring tools (automated signals for third-party changes) in 2024.
- 23% of organizations report that lead time for changes is under one day (accelerated delivery that heightens importance of secure supply chain controls).
Many firms lack visibility and monitoring across IT vendor chains, boosting security breach and patching risk.
Related reading
01 · Category
Risk & Compliance9 stats
Risk & Compliance Interpretation
02 · Category
Cost Analysis2 stats
Cost Analysis Interpretation
03 · Category
Industry Trends11 stats
Industry Trends Interpretation
More related reading
04 · Category
Market Size9 stats
Market Size Interpretation
05 · Category
User Adoption6 stats
User Adoption Interpretation
06 · Category
Performance Metrics7 stats
Performance Metrics Interpretation
Cite This Report
This report is designed to be cited. We maintain stable URLs and versioned verification dates. Copy the format appropriate for your publication below.
Priya Chandrasekaran. (2026, February 13). Supply Chain In The Information Technology Industry Statistics. Gitnux. https://gitnux.org/supply-chain-in-the-information-technology-industry-statistics
Priya Chandrasekaran. "Supply Chain In The Information Technology Industry Statistics." Gitnux, 13 Feb 2026, https://gitnux.org/supply-chain-in-the-information-technology-industry-statistics.
Priya Chandrasekaran. 2026. "Supply Chain In The Information Technology Industry Statistics." Gitnux. https://gitnux.org/supply-chain-in-the-information-technology-industry-statistics.
Sources & references
44 datasets cited across this report · attribution is report-level
+14 additional datasets cited (not shown individually)

