In 2023 alone, supply chain-related cyberattacks surged by 40 percent, and the latest 2024 Verizon Data Breach Investigations Report revealed that 15 percent of the reported cybersecurity breaches involved a third-party vendor. These figures are a stark reminder that supply chain security vulnerabilities can reverberate throughout entire industries, especially as global supply chains become increasingly digitized. It’s no longer just about protecting individual organizations; it’s about securing the entire ecosystem.

Yet current practices fall short of international ambitions to build cyber resilience throughout supply chains, with a lack of established guidance for supply chain management – in particular, collaborative information sharing. Supply chain security should no longer be seen as just an IT issue; it should be a matter of collective defense. The true question now is: Why are we still operating in silos? The answer isn’t just rooted in technology or capability—it’s a complex web of gaps in trust, varying legal frameworks, and traditional competitive approaches.

Challenges to information sharing

Supply chains are a symbiotic network, dependent on the combined strength of vendors, suppliers, and partners. However, cybersecurity practices currently are far from collective. Despite the clear benefits of a collaborative defense, resource and intelligence sharing remains scarce. This approach has proved increasingly dangerous. When a supply chain attack strikes, the impact ripples far beyond the initially compromised target.

Several factors can hinder effective information sharing. Key challenges include:

  • Commercial, regulatory, and legal concerns: Companies may hesitate to share vulnerabilities due to fears of reputational damage, competitive risks, or legal liabilities, especially with evolving regulations.
  • Silos: Information flow is often limited by organizational and sectoral silos, excluding smaller or non-traditional players who could benefit most from collaboration.
  • Timing: Information is often shared reactively after an incident, leaving businesses with little time to respond proactively.
  • Workforce shortages: Smaller organizations, lacking cybersecurity expertise, are often the most vulnerable yet the least equipped to share or act on critical information.
  • Human factors: Trust is essential for effective information sharing, but factors like enforcement and the reluctance to appear vulnerable can inhibit transparency.

Ways forward in information sharing

To build a resilient digital ecosystem, the focus should shift to proactive collaboration, where larger organizations with robust security capabilities take the lead in helping smaller counterparts and third parties enhance their defenses. This new model emphasizes inclusivity, where smaller players aren’t left out but actively supported through shared best practices, security controls, and early engagement before incidents occur.

Key principles for this new approach include:

  • Proactive capability building: Large entities, including governments and enterprises, should take the lead in sharing actionable security insights and tools with their suppliers, especially focusing on vulnerability management, incident response planning, and identity access controls.
  • Inclusivity across networks: Information-sharing networks must become more inclusive by fostering connections within supply chains and creating opportunities for smaller organizations to contribute and benefit from shared knowledge. This could involve forming new supplier communities or improving collaboration across sectors.
  • Leveraging technology for scale: Moving towards a digital commons, where common standards for information sharing and real-time monitoring can create a shared view of security posture across networks, allowing for more efficient allocation of security resources and minimizing duplication of effort.

Achieving true cyber resilience across supply chains requires more than mere compliance; it demands a fundamental shift in our approach to security and collaboration. Leading organizations must drive this change by sharing not only threat data but also actionable insights to strengthen the entire ecosystem. This evolution from reactive to proactive, from siloed to integrated, is essential. A unified approach, leveraging real-time collaboration and shared standards, will revolutionize our ability to manage and mitigate risks.

The stakes are high, and the time for change is now. By committing to transparency and mutual support, we can build a robust, resilient digital infrastructure that can withstand the rapid pace of cyber threats.


Chuan Wei Hoo is the Chief Information Security Officer at StarHub.

I enjoy working with both MNCs and the public sectors to help strategise cybersecurity architecture and solutions. With more than 26 years of regional experience in information security and telecommunications, banking and the information technology sectors, I am dedicated to providing advice from both an advisor and practitioner perspective.

As an active speaker, I was also an adjunct lecturer with Nanyang Technological University (NTU) and Temasek Polytechnic, and am presently an adjunct lecturer at the Institute of Systems Science-National University of Singapore (ISS-NUS), an authorised instructor with ISC2 and a guest lecturer with the Business Continuity Management Institute. I also serve as an authorised instructor and a Technical Advisor for ISC2 APAC. ISC2 is an international non-profit membership association (International Information Systems Security Certification Consortium) focused on inspiring a safe and secure cyber world.
