LevelBlue: Third-Party Management Leading to Security Risks

LevelBlue report shows 49% of orgs lack visibility into software supply chain risk. Insights from Theresa Lanowitz on managing third-party threats.

Jul 9, 2025

LevelBlue, a managed security services, strategic consulting, and threat intelligence provider, recently released the Data Accelerator: Software Supply Chain and Cybersecurity report. The research digs into how vulnerable organizations are to the rise in software supply chain attacks. 

To learn more about the findings and how businesses should respond, we spoke with Theresa Lanowitz, chief evangelist at LevelBlue, for a broader discussion on third-party risk management.

Research points to lack of visibility into software ecosystem and third-party challenges

The research is based on a quantitative survey that FT Longitude carried out in January 2025. There were a total of 1,500 C-suite and senior executives surveyed across 16 countries and seven industries: energy and utilities, financial services, healthcare, manufacturing, retail, transportation, and US SLED (state, local government, and higher education).

The findings show that companies are unnecessarily vulnerable to software supply chain threats, with approximately half (49%) stating they lack the necessary visibility into their ecosystem to correctly identify the risks they face.

LevelBlue also stresses that much of this lack of insight is tied to the third-party software providers and distribution channels that organizations increasingly rely on throughout their operations.

The concern about third-party vulnerabilities arises as CEOs are now more focused on the likelihood of suffering a software supply chain attack than ever before. LevelBlue’s research shows:

  • 40% of CEOs believe that the most significant security risk the organization faces today is from the software supply chain, compared with 29% of CIOs and 27% of CTOs.
  • 39% of CEOs say AI adoption presents a greater risk to the software supply chain.
  • In North America, the top three risks for organizations are third-party software distribution channels (49%), third-party risk management (48%), and unsupported software (48%).
  • 57% of North American organizations say they are prepared for software supply chain attacks, compared to 44% in APAC. In Europe and Latin America, 51% and 50% of respondents, respectively, report being prepared.

“Better understanding the risk from third-party components in the software supply chain is critical to the idea of an organization becoming more cyber-resilient, so it’s concerning how many remain unaware of the risks within their supply chains,” said Lanowitz. “I’ve been thinking about and worried about software supply chain attacks since around 2003, but I could not have predicted the uptick in attacks we have seen since we conducted this research in January.”

“We’ve seen it in retail operations in the UK and elsewhere this year much more frequently, and we have heard in the results here that more executives are worried about the likelihood of facing an attack themselves,” Lanowitz said.

Additionally, 80% of organizations with low visibility view critical factors, such as custom code, commercial off-the-shelf software, and API integrations, as “very risky” or “somewhat risky.”

The leadership accountability needed to move security forward

Lanowitz points out that part of this problem stems from the lack of ownership over third-party software within most organizational structures. In many cases, CEOs have a broad understanding of how the software supply chain is structured. Still, accountability for the risks within those agreements is rarely centralized under a single leader or function.

Thus, many organizations find themselves deeply entangled with third-party suppliers but without a detailed understanding of those suppliers’ security postures or of the risk that an attack on one of them would pose to the organization.

LevelBlue advises organizations to apply security-focused KPIs to every leader, regardless of their function. This, the company says, forces all of leadership to think carefully about the security risks posed by the third-party resources they leverage and provides a greater insight into where exactly vulnerabilities lie.

“There has to be some responsibility internally around managing risk, and if everybody has to think about security within their goals, then they’ll naturally start to consider how they interact with third-party tools and what that means for the overall security of the organization,” Lanowitz said.

What service providers should keep top of mind as they support clients

Lanowitz stresses the importance of MSSPs supporting organizations as they shore up their security related to third-party risk.

“Organizations should know MSSPs should act as a strategic expansion of your own team, and they absolutely can help assess and document where third parties are in your software supply chain,” Lanowitz said.

“Plus, we know that many organizations still don’t have their incident response plans codified, and MSSPs can be crucial to getting those solidified,” Lanowitz continued.

MSSPs also provide a variety of services that can collectively improve an organization’s resiliency, including:

  • Penetration testing
  • Vulnerability management
  • Codifying incident response and other types of planning
  • Leveraging the newest tooling to address next-generation attack types

LevelBlue also recently released its research findings on the security challenges specific to the healthcare industry. Read our coverage of that report to find out how MSPs and MSSPs are positioned to keep healthcare secure.

Victoria Durgin

Victoria Durgin is a communications professional with several years of experience crafting corporate messaging and brand storytelling in IT channels and cloud marketplaces. She has also driven insightful thought leadership content on industry trends. Now, she oversees the editorial strategy for Channel Insider, focusing on bringing the channel audience the news and analysis they need to run their businesses worldwide.
