OEMs Must Invest in Supply Chain Cybersecurity Best Practices
Just about every industry globally is being targeted by cybercriminals. The potential gains include money, computing power, and corporate and customer data. The electronics supply chain is particularly vulnerable, which should make cybersecurity a top priority for all of us.
Here’s one example: In February 2025, Unimicron, a printed circuit board (pc board) maker in Taiwan, was attacked by the Sarcoma ransomware operation.1 The group has been credited with 83 cyberattacks between July 2024 and March 2025 (Figure 1).2 As part of the Unimicron infiltration, the cybercriminals published samples of files allegedly stolen from the company’s systems during the breach and threatened to leak all 377 Gbytes of SQL files and documents of corporate data if the organization didn’t pay their ransom demand.
Figure 1: Sarcoma has targeted organizations worldwide with ransomware attacks, including manufacturing and technology companies. So far, the attacks have been concentrated in North America and Europe. (Image source: Ransomware.live)
The growing problem
A 2025 report by Cybersecurity Ventures predicts that the cost of cybercrime will reach $10.5 trillion annually in 2025, up from $3 trillion in 2015.3 One Gartner source estimated the costs from attacks on the software supply chain alone will rise from $46 billion in 2023 to $138 billion by 2031.4
The cost of a breach is also increasing. IBM research estimates that the average cost of a cybersecurity breach has reached $4.88 million.5 This would include only hard costs without considering the potential soft costs, such as brand erosion.
Analysts and pundits point to a variety of reasons for the rapid increase in cybercrime:
- Organizations are increasingly dependent on software: In the electronics industries, companies used to rely on homegrown apps that created a protective silo. Now, most organizations turn to third-party software and open-source applications, allowing bad actors to inject malicious code and create mischief (Figure 2).
- Workers are increasingly remote or hybrid: As more employees work from home or in various locations, the number of potential attack surfaces has grown, increasing exposure to attack.
- Internet of Things (IoT) and cloud are proliferating: While helpful, IoT devices and cloud infrastructure offer more entry points for would-be attackers.
- Attackers are getting increasingly sophisticated: Nation-state-sponsored groups and ransomware attackers use increasingly refined techniques to target organizations.
Figure 2: Shown is an overview of the increasing number of malicious components discovered in open-source dependencies. (Image source: Gartner)
Four ways to put safety first
Attackers are getting smarter, so organizations need to be ever-vigilant. Cybersecurity is like a giant game of Risk: organizations build safeguards around data and corporate systems, and bad actors find new ways to infiltrate the system. Companies should regularly evaluate their procedures and technologies to stay ahead of attackers, or at least make it sufficiently challenging that they move to a different target. Portals and networks must be secured and backed up. Documents, both digital and physical, need to be protected.
Cybersecurity insurance must be in the budget. It might be tempting to play the odds, but the insurance cost is minimal compared to the cost of a breach. This coverage helps organizations recover the legal fees and costs of dealing with a breach. It may even reimburse for the costs of losing customers or worker productivity. In 2024, businesses spent an average of $1,200 to $7,000 annually on cyber insurance, with a median cost of around $2,000 per year, according to Embroker.6 As you might expect, prices for cyber insurance have fluctuated, hitting a high in 2022. Those costs have been decreasing since.
Another essential strategy is an organizational security audit. An ethical or “white hat” hacker can perform penetration testing to ascertain where your current system is vulnerable and find holes before the black hat hackers find them.
Finally, make sure your organization understands the importance of investing in cybersecurity. These efforts should have their own line item in the budget, with the investment increasing year after year.
The reality of a modern electronics supply chain is that organizations are spread globally, as are the threats they face. Breaches, along with the costs in time, money, reputation, and compliance risks, are on the rise and are likely to remain so. Organizations must prioritize staying ahead of the risks and investing in security. With attention, OEMs can reap the benefits of supply chain applications to enhance visibility, resilience, and risk mitigation, and avoid the risk of malicious actors.
References
2: https://www.ransomware.live/group/sarcoma
3: https://cybersecurityventures.com/cybersecurity-in-2025-challenges-risks-and-what-leaders-must-do/
4: https://www.gartner.com/doc/reprints?id=1-2HZEKAMU&ct=240701&st=sb
