Supply Chain Cybersecurity Grows Even More Challenging
Supply chain cybersecurity has grown more serious and the increased use of GenAI needs to be addressed, according to Gartner, Inc.
“The large number of multitier partners in an organization’s supply chain has made managing third-party cyber risk a daunting task,” said Mark Atwood, managing VP, research, with the Gartner supply chain practice, in a statement. “The rapid expansion of threats continually challenges cybersecurity and supply chain teams to keep pace, while the growing use of GenAI among trading partners increases the risk of data breaches and intellectual property leakage.”
To help supply chain organizations, Gartner offers a strategy they call Hype Cycle for Supply Chain Strategy 2025. The objective is to help chief supply chain officers (CSCOs) make smarter investments and strategic decisions by identifying emerging, hyped and proven supply chain technologies, competencies and business models. It highlights the most important capabilities, detailing their maturity, business impact and potential challenges, and provides actionable guidance for effective adoption.
The Gartner Hype Cycle for Supply Chain Strategy showed that machine learning (ML)-based AI is nearing the Slope of Enlightenment, as explosive interest in agentic and GenAI solutions is accelerating the adoption of machine learning and logic-based reasoning to augment decision-making at an unprecedented pace.
As organizations increasingly recognize the importance of safeguarding supply chain operations, expectations for cybersecurity solutions have surged. However, several obstacles make effective cybersecurity protection challenging, including:
- A lack of clarity around ownership and budget for identifying and managing cybersecurity risks.
- The breadth of supply chain IT and cyber-physical systems that require protection.
- The large number of multitier partners complicates visibility into and management of third-party cyber risk.
- GenAI use among trading partners increases the risk of data breaches and intellectual property leakage.
- Solutions force organizations to assemble multiple toolsets rather than rely on a single solution.
To manage third-party cyber risk, Atwood emphasized the importance of CSCOs first collaborating with their organization's cybersecurity team. Together, both teams must define security specifications with high-value supply chain partners and then incorporate those specifications into contract requirements.
GenAI Enters Trough of Disillusionment
GenAI technologies can create new content, strategies and designs by learning from large datasets, and supply chain technology providers are increasingly embedding GenAI capabilities into their solutions. This allows organizations to experiment with GenAI at lower risk and cost.
However, many supply chain organizations face significant obstacles, including the complexity of integrating GenAI with legacy systems, concerns over data security and intellectual property leakage, and the lack of clear governance frameworks to manage risks such as hallucinations or ethical issues. Many of these risks also contribute to concerns over supply chain cybersecurity.
“As more organizations grapple with the challenges of scaling GenAI pilots and integrating the technology into legacy systems, it will appear as less of a ‘silver bullet’ solution,” said Noha Tohamy, distinguished VP analyst in Gartner's supply chain practice, in a statement. “However, the ongoing enthusiasm for GenAI’s potential, along with the emergence of agentic AI, has rapidly accelerated the progress we have seen with ML-based AI, which has evolved from an emerging technology to a key enabler of supply chain transformation.”
Tohamy noted that ML-based AI use cases now span planning, sourcing, manufacturing, logistics, and inventory management. The availability of tech solutions, best practices and implementation frameworks has made adopting ML-based AI less risky. As a result, CSCOs are moving beyond pilots and scaling AI across the enterprise to drive greater efficiency, resilience and customer enablement.