New Bitsight TRACE Research Reveals Hidden Cyber Risks in Global Supply Chains

New Bitsight TRACE Research Reveals Hidden Cyber Risks in Global Supply Chains
By STS News Desk on March 17, 2025

Data-Driven Attack Surface Management & Intelligence Solutions

Study Uncovers Risks from Foreign-Linked Providers and Critical Yet Overlooked

Bitsight, the global leader in cyber risk intelligence, today released the Under the Surface: Uncovering Cyber Risk in the Global Supply Chain report from its TRACE Security Research Team. The report, based on an analysis of 500,000 organizations, 40,000 products, and 12,000 providers, maps over 61 million digital supply chain relationships. The findings highlight how deeply interconnected businesses are—and how cyber risks in one part of the supply chain can have far-reaching effects.

The U.S. Supply Chain’s Reliance on Chinese Military-Linked Companies
Despite growing national security concerns and government restrictions, Chinese military-linked companies remain deeply embedded in the U.S. digital supply chain. These organizations, many of which have been designated by the U.S. Department of Defense as “Chinese Military Companies,” continue to provide essential digital infrastructure, exposing U.S. businesses and critical industries to potential cybersecurity threats.

Key findings reveal:

  • One-third of the U.S. supply chain relies on software or services from companies formally designated by the Department of Defense as “Chinese Military Companies.”
  • Two-thirds of the U.S. supply chain depends on companies with at least expected ties to Chinese state-linked entities, raising concerns about potential espionage, data security, and systemic risk.
  • ByteDance Group (TikTok’s parent company) alone is connected to 35.4% of the U.S. market, demonstrating how even high-profile companies facing potential bans remain widely used.

The continued reliance on these providers underscores the challenge of securing the digital supply chain against foreign government influence. Even with increased scrutiny and regulatory efforts, Chinese state-linked firms maintain a significant foothold in U.S. industries, making it critical for organizations to assess their vendor relationships and mitigate potential risks.

Read More: Sales Transformation Starts Here: Consensus Announces Partnership and Product Integrations with Highspot

The “Hidden Pillars” that Power Entire Industries
While “big tech” companies dominate supply chain security discussions, smaller specialized software providers can also pose significant risk to sectors and industries. Bitsight research identifies “Hidden Pillars,” the lesser-known technology companies that serve large portions—or even the majority—of specific industries.

  • Customer Count Does Not Equal Criticality – Some niche providers serve only a handful of companies yet support massive market share in industries like energy, finance, and logistics.
  • Tiny Teams, Huge Influence – Some of the most critical software and infrastructure providers operate with fewer than 50 employees, yet their technology is embedded in Fortune 500 companies and global enterprises.
  • Industry Concentration Creates Single Points of Failure – Aerospace, utilities, and financial services rely heavily on just a few specialized providers. A security failure at one of these companies could trigger cascading effects within and across industries.

Technology Providers Face Greater Challenges
Organizations that supply digital products and services—known as providers—often face far greater cybersecurity challenges than the businesses they serve. With larger attack surfaces, more complex vendor relationships, and increasing risk exposure, providers must take stronger measures to secure their own ecosystems.

Read More: SalesTechStar Interview with Chris Kelly, President of Go-To-Market (GTM) at Delinea

Key findings on providers include:

  • Larger Attack Surfaces – Providers use 2.5x more products and have 10x more internet-facing assets than consumers, making them more exposed to cyber threats.
  • More Complex Supply Chains – Providers depend on multiple sub-providers, which increases their risk exposure and can make addressing them more complicated.
  • More Exposure, Better Controls – While providers outperform consumers in four of six security standards – including DMARC, SPF, DKIM, and DNSSEC – they lag behind in areas such as patch management, open ports, insecure systems, and botnet infections.

“Over the past year, we’ve seen several highly visible security incidents that highlight how incidents in the digital supply chain can have a massive ripple effect across the global economy,” said Ben Edwards, Principal Research Scientist at Bitsight. “Even the most security-conscious companies are vulnerable to weaknesses in their supply chain. Organizations must continuously evaluate their third-party vendors and suppliers and work proactively to close security gaps.”

Write in to psen@itechseries.com to learn more about our exclusive editorial packages and programs.

BitSightChinese Military CompaniesCyber risksDMARCGlobal Supply Chain reportglobal supply chainsHidden PillarsLarger Attack SurfacesNewsTRACE Security Research Team
Related Posts

Omilia Unveils Omilia Workforce AI, Redefining Contact Center Call Quality Management

Qualified Unveils Piper for Marketo: The AI SDR Agent for Adobe Marketo Engage

Spangle Emerges from Stealth to Power 1:1 Commerce for Retailers with Agentic AI and ProductGPT

ChurnZero and Synthesia pioneer the future of AI-powered customer engagement

AudioCodes announces Microsoft Teams Phone extensibility for its AI-first Voca Conversational Interaction Center

Shipium and Kibo Pair Composable Commerce with Headless Logistics in New Partnership

AI is Transforming Worker Productivity and In Turn, the Customer Experience