A recent Cobalt report found that 68% of security leaders are concerned about the risks of third-party software tools and components introduced across their tech stacks. Seventy-three percent reported receiving at least one notification of a software supply chain vulnerability or incident in the past year.
According to the report, 60% believe attackers are evolving too quickly to maintain a truly resilient security posture and 46% are uneasy about AI-driven features and large language models. Sixty-eight percent say their boards now view the secure deployment of genAI as a critical priority. The report found that 55% of security leaders say they’re constantly worried one employee mistake could put the whole organization at risk.[1]
The CISO Perspectives report also highlights the growing role of penetration testing in security strategies. Nearly nine in 10 security leaders (88%) view pentesting as an essential component of their overall program. Far beyond a compliance checkbox, it is a proactive measure to identify and remediate vulnerabilities before exploitation occurs.
Pentesting is also being embedded into software development to provide assurance to regulators and customers concerned about third-party risk. More than half (58%) of respondents require third-party pen test reports to validate software security, while 55% conduct independent code reviews and 53% supplement these efforts with internal testing. These practices reflect a deep commitment to building resilience across the digital supply chain.
The digital supply chain has become cybersecurity’s weakest link, and security leaders know it. Over two-thirds (68%) are concerned about the risks these third-party software tools and components introduce across their technology stacks. In Cobalt’s recent survey of 225 security leaders (a mix of C-level and VP-level security professionals) at organizations with 500 to 10,000 employees[1], researchers found that, although four out of five express confidence that their organizations meet regulatory security requirements, 60% acknowledge that attackers are evolving too quickly to maintain a truly resilient security posture.
- What is at stake? Both company reputation and personal accountability.
- More than half (55%) of security leaders say they’re constantly worried that one employee mistake could put the entire organization at risk.
- This ever-present anxiety underscores how cybersecurity has shifted from a technical issue to a strategic imperative.
Link to the full report: Cobalt-CISO-Perspectives-Report-2025.pdf
This article is shared with permission at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://www.securitymagazine.com/articles/101947-60-of-security-leaders-say-threat-actors-are-evolving-too-quickly