Supply Chain Attack Statistics for 2026: Third-Party Breaches, Open Source Malware, and the New Cost of Trust

June 1, 2026

Supply chain attacks are no longer an emerging risk. They are the dominant intrusion pattern of 2025 and 2026. Third-party involvement in breaches doubled from 15% to 30% in a single year, the largest single-year shift ever recorded by the Verizon 2025 Data Breach Investigations Report. A supply chain compromise now costs $4.91 million on average and takes 267 days to identify and contain, the longest lifecycle of any breach vector tracked by the IBM 2025 Cost of a Data Breach Report. And on the developer side, Sonatype counted more than 454,600 new malicious open source packages in 2025 alone, a 75% jump year over year. These are the supply chain attack statistics security and compliance leaders need going into 2026.

Key supply chain attack statistics at a glance

  • 30% of all breaches in 2025 involved a third party, double the 15% reported the prior year, per the Verizon 2025 DBIR. It is the largest single-year shift in the report’s history.
  • $4.91 million is the average cost of a supply chain compromise breach, with a 267-day mean lifecycle, the longest of any vector tracked by the IBM 2025 Cost of a Data Breach Report.
  • 454,600+ new malicious open source packages were identified across npm, PyPI, Maven, NuGet, and Hugging Face in 2025, a +75% year-over-year jump, per the Sonatype 2026 State of the Software Supply Chain Report. Cumulative count is now over 1.23 million.
  • 73% increase in detections of malicious open source packages in 2025, with npm volume rising more than 100% to 10,819 packages, per the ReversingLabs 2026 Software Supply Chain Security Report.
  • 1,000+ npm packages were compromised by the Shai-Hulud self-replicating worm in September 2025, the first known registry-native worm, with downstream exposure across roughly 25,000 GitHub repositories, per ReversingLabs.
  • 2,773 organizations and 95+ million individuals were impacted by the MOVEit/Cl0p supply chain campaign by mid-2024, per Emsisoft tracking, making it the single largest supply chain breach campaign by victim count to date.
  • 30% of breach incidents involving AI models and applications stem from supply chain compromise, and 44% of zero-day attacks now target managed file transfer systems, per the IBM 2025 Cost of a Data Breach Report.

  • 10.6% of EU cyber incidents tracked in the ENISA Threat Landscape 2025 map to supply chain risk, with software vendors, cloud integrators, and MSP/MSSP partners cited as the fastest-growing target classes.

Third-party involvement in breaches has doubled in a single year

The single most consequential supply chain statistic of the past 18 months comes from the Verizon 2025 Data Breach Investigations Report, which analyzed 22,052 incidents and 12,195 confirmed breaches across 139 countries. Third-party involvement in breaches doubled from 15% to 30% year over year, the largest single-year jump in any category in the DBIR series. Verizon credits the spike to a combination of MOVEit-style mass exploitation of file transfer software, broad credential reuse across vendor ecosystems, and the maturation of access broker markets that resell footholds into mid-market suppliers.

That headline number sits on top of other Verizon findings that reinforce why supply chain risk is now the dominant intrusion pattern. Exploitation of vulnerabilities as an initial-access vector rose 34% year over year, with edge devices and remote-access products responsible for 22% of those exploitations, an eightfold increase. Credential abuse drove 22% of all 2025 breaches, and ransomware appeared in 44% of confirmed breaches, up from 32% the year prior. Each of these vectors maps cleanly to a partner ecosystem, since vendors are the most common holders of customer credentials, the most common operators of internet-exposed appliances, and the most common third-party connection a ransomware affiliate can pivot through.

Supply chain breaches are the most expensive and slowest-detected

The IBM 2025 Cost of a Data Breach Report, based on 600-plus organizations that suffered breaches between March 2024 and February 2025, prices a supply chain compromise at $4.91 million on average, putting it at the top of the cost table alongside malicious insider attacks. The supply chain figure runs roughly 11% above the global average breach cost of $4.44 million. Detection and containment is even more lopsided: a supply chain compromise takes 267 days on average to identify and contain, the longest lifecycle IBM tracks. By comparison, the average breach lifecycle across all vectors in 2025 was 241 days, the lowest in nine years.

IBM attributes the cost and dwell-time gap to one specific dynamic. Attackers do not need to break the perimeter when a trusted vendor has already connected to it. Compromised supplier credentials or signed software updates carry the same authentication weight as the customer’s own assets, which means alerts fire later, scoping is harder, and downstream notification obligations multiply. The same IBM research found that supply chain compromise accounts for 30% of incidents involving AI models and applications, and 44% of all zero-day attacks in 2025 targeted managed file transfer systems, the precise infrastructure that vendors use to exchange data with their customers.

Open source malware: a 75% jump in a single year

Open source package registries have become the highest-volume supply chain attack surface, and the trendline is steep. The Sonatype 2026 State of the Software Supply Chain Report cataloged more than 454,600 new malicious open source packages in 2025 across npm, PyPI, Maven Central, NuGet, and Hugging Face, a 75% year-over-year increase. Cumulative count of known and blocked malicious packages is now above 1.23 million. Per Sonatype, more than 99% of open source malware now lives on npm, and 56% of the recorded packages are classified as repository abuse, which covers spammy promotion, data harvesting, and credential theft. The remaining 44% spans a more dangerous mix of droppers, info-stealers, and persistent backdoors, increasingly from state-aligned actors including the Lazarus Group.

The ReversingLabs 2026 Software Supply Chain Security Report tells a similar story from a different lens. Malicious open source package detections rose 73% in 2025, with npm volume climbing more than 100% to 10,819 packages, accounting for nearly 90% of detections across registries. PyPI and NuGet went the other direction, with malware detections down 43% and 60% respectively as those platforms rolled out mandatory two-factor authentication, trusted publishing, and additional package controls. Attackers responded by concentrating on npm, where dependency depth and weekly download volume amplify the reach of every poisoned package.

Named 2025 incidents: Shai-Hulud, npm chalk and debug, PowerSchool

Per ReversingLabs, the Shai-Hulud worm in September 2025 became the first known registry-native, self-replicating malware. It compromised more than 1,000 npm packages across two distinct campaigns and exposed an estimated 25,000 GitHub repositories downstream. The worm propagated by harvesting maintainer tokens from an infected package and using them to publish poisoned versions of every other package that maintainer controlled, which produced an exponential blast radius before the registry could intervene. ReversingLabs flagged Shai-Hulud as a turning point that proved the npm ecosystem can support truly autonomous malware, not just one-off typosquats.

Two other 2025 events filled out the picture. The widely used npm packages chalk and debug were briefly compromised in September 2025 after a maintainer fell to a phishing attack. The poisoned releases belonged to a set of that maintainer's packages that together see more than 2.6 billion weekly downloads, and they carried a browser-side payload that silently swapped cryptocurrency wallet addresses in web transactions. Because chalk and debug are among the most pervasive utility libraries in the JavaScript ecosystem, the window of exposure was short but the potential reach was enormous. And in the U.S. education sector, the PowerSchool breach, classified by Verizon as a third-party software supply chain event, exposed personal data on roughly 62.4 million students and 9.5 million teachers across thousands of school districts, demonstrating how a single SaaS vendor compromise can sweep across an entire industry vertical. Both events are referenced in the supply chain incident lists in the Sonatype 2026 report and the Verizon 2025 DBIR.
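Both incidents above reached downstream projects through ordinary dependency resolution: a poisoned version was published under a trusted name, and anyone who resolved that name without a pinned, integrity-checked lockfile pulled it in. The following is an added example of the kind of pre-install gate a build pipeline can run over an npm lockfile. It is not code from the article, Sonatype or ReversingLabs; the lockfile excerpt and the denylist are constructed for the example, and the package names are hypothetical.

```python
"""Audit an npm package-lock.json (lockfileVersion 3) for the red flags that
let a poisoned release such as the ones described above ship downstream.

Added illustrative example; not code from the article, Sonatype or ReversingLabs.
Three checks per locked dependency:
  1. an exact version with a sha512 integrity hash (tamper detection at install),
  2. a `resolved` URL on a trusted registry host,
  3. no match against a denylist of (name, version) pairs known to be poisoned.
The lockfile excerpt and the denylist are constructed; package names are hypothetical.
"""
import json
import re
from urllib.parse import urlparse

TRUSTED_REGISTRY_HOSTS = {"registry.npmjs.org"}

# Constructed denylist. In practice this is fed from an advisory feed.
DENYLIST = {
    ("example-colors", "1.4.1"),   # hypothetical: version pushed with a stolen maintainer token
    ("example-logger", "4.4.2"),   # hypothetical
}

# Standard SRI sha512 value: "sha512-" followed by 88 base64 chars (86 body + "==").
INTEGRITY_RE = re.compile(r"^sha512-[A-Za-z0-9+/]{86}==$")
FAKE_HASH = "sha512-" + "A" * 86 + "=="  # placeholder digest for the constructed lockfile

# Constructed package-lock.json excerpt in the lockfileVersion 3 layout.
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/example-colors": {
            "version": "1.4.1",
            "resolved": "https://registry.npmjs.org/example-colors/-/example-colors-1.4.1.tgz",
            "integrity": FAKE_HASH,
        },
        "node_modules/example-logger": {
            "version": "4.4.0",
            "resolved": "https://registry.npmjs.org/example-logger/-/example-logger-4.4.0.tgz",
            "integrity": FAKE_HASH,
        },
        "node_modules/example-left-pad": {
            "version": "1.3.0",
            "resolved": "https://mirror.internal.example/example-left-pad-1.3.0.tgz",
            # no integrity field: npm will install whatever the mirror serves
        },
    },
})


def package_name(lock_path):
    """Map a lockfile path such as 'node_modules/a/node_modules/@s/b' to '@s/b'."""
    return lock_path.rsplit("node_modules/", 1)[-1]


def audit_lockfile(lockfile_text):
    """Return a list of (name, version, finding) tuples; an empty list means the lockfile passed."""
    lock = json.loads(lockfile_text)
    findings = []
    for path, entry in lock.get("packages", {}).items():
        if path == "":
            continue  # the root project entry, not a dependency
        name, version = package_name(path), entry.get("version", "")
        if (name, version) in DENYLIST:
            findings.append((name, version, "denylisted"))
        if not INTEGRITY_RE.match(entry.get("integrity", "")):
            findings.append((name, version, "missing-or-weak-integrity"))
        host = urlparse(entry.get("resolved", "")).hostname
        if host not in TRUSTED_REGISTRY_HOSTS:
            findings.append((name, version, f"untrusted-source:{host}"))
    return findings


if __name__ == "__main__":
    for name, version, finding in audit_lockfile(SAMPLE_LOCKFILE):
        print(f"{name}@{version}: {finding}")
```

A gate like this belongs before `npm ci` in CI, and the install itself should run with `--ignore-scripts` where the project can tolerate it, since install-time lifecycle scripts are where worm-style payloads execute. The denylist only catches versions already known to be bad; the integrity and registry-host checks are what protect against the next one.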

MOVEit, the largest supply chain campaign by victim count

The MOVEit Transfer mass-exploitation campaign by the Cl0p ransomware group remains the high-water mark for supply chain attack reach. Per Emsisoft tracking finalized in 2024, MOVEit affected at least 2,773 organizations and exposed personal data on more than 95 million individuals. The campaign exploited a zero-day (CVE-2023-34362, a SQL injection in the MOVEit Transfer web application) in a single piece of managed file transfer software used by thousands of enterprises and government agencies, which translated one vulnerability into a multi-year notification, litigation, and regulatory cost stream. Victims included the U.S. Department of Energy, Shell, British Airways, the BBC, several U.S. state governments, and a long tail of universities, healthcare providers, and benefits administrators.

The MOVEit pattern is why managed file transfer systems sit so high in the IBM 2025 report zero-day attack data. A single bug in a vendor product can become the entry point into every downstream customer at once, and the cost is borne by the customer, not the vendor. That asymmetry is a major driver behind the EU and U.S. regulatory push covered in the next section.

Regulatory pressure: SEC, EU NIS2, EO 14028, and SBOM

Regulators have responded to the supply chain wave with concrete disclosure and transparency requirements. The U.S. Securities and Exchange Commission cybersecurity disclosure rules require public companies to report material cybersecurity incidents on Form 8-K Item 1.05 within four business days of determining that the incident is material, and to describe their cybersecurity risk management, strategy, and governance, including oversight of risks from third-party service providers, in annual reports under Item 106 of Regulation S-K. The rules took effect in December 2023 for most registrants, with smaller reporting companies given until June 2024 for the incident-disclosure requirement, and 2025 was the first full year in which third-party-induced disclosures became routine.

In the EU, the ENISA Threat Landscape 2025 places supply chain risk at 10.6% of all tracked cyber incidents and identifies it as one of the top NIS2 risks across energy, transport, finance, public administration, and manufacturing. ENISA singles out compromises of software vendors, cloud integrators, MSP and MSSP partners, and CI/CD pipelines as the fastest-growing attack patterns, and highlights two new vectors: AI-model poisoning and "slopsquatting", where attackers register package names that AI coding assistants are known to hallucinate.

On software transparency, CISA released the 2025 Minimum Elements for a Software Bill of Materials in August 2025, initially as a draft for public comment, updating the 2021 NTIA baseline with new required fields including component hash, license, tool name, and generation context. In September 2025, CISA, NSA, and 19 international partners released joint guidance establishing a shared global vision for SBOM adoption, harmonized formats, and integration into vulnerability and incident response workflows. Combined with EO 14028’s ongoing federal SBOM mandate, this is the regulatory machinery that converts the 2025 incident wave into a continuing, audit-driven compliance obligation across the federal supply chain and any vendor that sells into it.
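The practical question for a vendor selling into that supply chain is whether the SBOMs it already produces carry these fields. The following is an added example of a minimum-elements check over a CycloneDX 1.5 JSON document. It is not CISA's tooling and not code from the article; the mapping of each element onto a CycloneDX JSON path is this example's own assumption (for instance, `metadata.lifecycles` is used to stand in for "generation context"), and the sample SBOM is constructed with hypothetical package names.

```python
"""Check a CycloneDX 1.5 JSON SBOM for the minimum-element data fields named above:
the 2021 baseline (supplier, component name, version, unique identifier, dependency
relationships, SBOM author, timestamp) plus the 2025 additions (component hash,
license, tool name, generation context).

Added illustrative example; not CISA's tooling and not the article's code. The
CycloneDX path chosen for each element is this example's assumption; the sample
SBOM is constructed and its package names are hypothetical.
"""
import json

ACCEPTED_HASH_ALGS = {"SHA-256", "SHA-512"}


def check_component(comp):
    """Per-component data fields. Returns a list of human-readable gaps."""
    name = comp.get("name", "<unnamed>")
    gaps = []
    if not comp.get("name"):
        gaps.append(f"{name}: missing name")
    if not comp.get("version"):
        gaps.append(f"{name}: missing version")
    if not comp.get("supplier", {}).get("name"):
        gaps.append(f"{name}: missing supplier")
    if not (comp.get("purl") or comp.get("cpe")):
        gaps.append(f"{name}: missing unique identifier (purl or cpe)")
    if not ACCEPTED_HASH_ALGS & {h.get("alg") for h in comp.get("hashes", [])}:
        gaps.append(f"{name}: missing SHA-256/SHA-512 hash")
    if not comp.get("licenses"):
        gaps.append(f"{name}: missing license")
    return gaps


def check_sbom(sbom_text):
    """Document-level fields, then every component, then the dependency graph."""
    sbom = json.loads(sbom_text)
    meta = sbom.get("metadata", {})
    gaps = []
    if not meta.get("timestamp"):
        gaps.append("metadata: missing timestamp")
    if not (meta.get("authors") or meta.get("supplier")):
        gaps.append("metadata: missing SBOM author")
    tools = meta.get("tools", {})
    # CycloneDX 1.5 allows tools as an object {"components": [...]} or the legacy array form.
    tool_list = tools.get("components", []) if isinstance(tools, dict) else tools
    if not any(t.get("name") for t in tool_list):
        gaps.append("metadata: missing tool name")
    if not meta.get("lifecycles"):  # assumption: lifecycle phase ~ "generation context"
        gaps.append("metadata: missing generation context (lifecycles)")
    components = sbom.get("components", [])
    if not components:
        gaps.append("components: none listed")
    for comp in components:
        gaps.extend(check_component(comp))
    # Dependency relationship: every component must appear somewhere in the graph.
    graph_refs = set()
    for dep in sbom.get("dependencies", []):
        graph_refs.add(dep.get("ref"))
        graph_refs.update(dep.get("dependsOn", []))
    for comp in components:
        if comp.get("bom-ref") not in graph_refs:
            gaps.append(f"{comp.get('name')}: absent from dependency graph")
    return gaps


# Constructed SBOM: one complete component, one with deliberate gaps.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "metadata": {
        "timestamp": "2026-01-15T10:00:00Z",
        "lifecycles": [{"phase": "build"}],
        "tools": {"components": [{"type": "application", "name": "example-sbom-tool", "version": "0.1"}]},
        "authors": [{"name": "Build Pipeline"}],
        "component": {"type": "application", "name": "demo-app", "version": "1.0.0", "bom-ref": "app"},
    },
    "components": [
        {"type": "library", "bom-ref": "pkg:npm/example-logger@4.4.0", "name": "example-logger",
         "version": "4.4.0", "supplier": {"name": "Example Maintainers"},
         "purl": "pkg:npm/example-logger@4.4.0",
         "hashes": [{"alg": "SHA-512", "content": "a" * 128}],
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "bom-ref": "pkg:npm/example-colors@1.4.1", "name": "example-colors",
         "version": "1.4.1", "supplier": {"name": "Example Maintainers"},
         "purl": "pkg:npm/example-colors@1.4.1"},  # no hashes, no licenses, not in graph
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["pkg:npm/example-logger@4.4.0"]},
        {"ref": "pkg:npm/example-logger@4.4.0", "dependsOn": []},
    ],
})

if __name__ == "__main__":
    for gap in check_sbom(SAMPLE_SBOM):
        print(gap)
```

The component hash and the dependency-graph check are the two that most often fail on SBOMs generated as an afterthought, and they are also the two that make an SBOM useful in an incident: without a hash you cannot prove which artifact you actually shipped, and without the graph you cannot tell which of your products a poisoned transitive dependency reached.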

Emerging supply chain attack trends in 2026

Third party is the new perimeter. Per the Verizon 2025 DBIR, the 15% to 30% jump in third-party involvement is the single largest single-year shift the DBIR has ever recorded. Going into 2026, vendor and partner ecosystems should be modeled as the default initial-access path, not as an edge case.

AI pipelines are the next attack surface. Per the IBM 2025 Cost of a Data Breach Report, supply chain compromise accounts for 30% of incidents involving AI models and applications, and the ENISA Threat Landscape 2025 documents model poisoning, "Rules File Backdoor" attacks against AI coding assistants, and slopsquatting as new categories. AI/ML supply chain risk is no longer hypothetical.

npm is the highest-yield malware registry on the internet. Per Sonatype and ReversingLabs, more than 99% of open source malware now lives on npm, npm detections rose more than 100% year over year, and the Shai-Hulud worm proved self-replicating attacks are viable inside the registry. Defensive controls that worked for PyPI and NuGet (mandatory 2FA, trusted publishing) are still incomplete on npm.

Managed file transfer is the most exploited zero-day target. Per the IBM 2025 report, 44% of zero-day attacks now target managed file transfer platforms. After MOVEit, GoAnywhere, and Cleo, security teams should treat any internet-exposed file transfer appliance as a known supply chain risk.

SBOM is moving from voluntary to expected. Per CISA, the 2025 Minimum Elements update raises baseline expectations for software transparency, and the September 2025 joint guidance from CISA, NSA, and 19 international partners is the clearest signal yet that SBOM is becoming a procurement requirement across the western alliance.

Slopsquatting and AI-hallucinated dependencies are a new attack class. Per the ENISA Threat Landscape 2025, attackers are registering non-existent package names that AI coding assistants reliably hallucinate, then waiting for developers to install them on a tab-complete. Expect the technique to scale alongside AI-assisted development adoption in 2026.
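Slopsquatting only works because the hallucinated name is either unregistered (so the attacker can claim it) or was registered very recently with almost no history. That makes it detectable at the point where a new dependency is proposed, before anything is installed. The following is an added example of such a vetting step, combining an existence check, a minimum-age cooldown, and an edit-distance lookalike check against popular packages. It is not code from ENISA or the article; the registry snapshot is constructed (a real pipeline would query the registry API or an internal mirror), the lookalike package names are hypothetical, and the thresholds are example values.

```python
"""Vet proposed new dependencies before install: does the name exist, how old is it,
and does it look like a lookalike of a well-known package?

Added illustrative example; not code from ENISA or the article. REGISTRY is a
constructed snapshot standing in for a registry API or internal mirror; the
lookalike names are hypothetical, and MIN_AGE_DAYS / MAX_EDIT_DISTANCE are example
thresholds. AUDIT_DATE is fixed so the example is deterministic.
"""
from datetime import date

MIN_AGE_DAYS = 14        # cooldown: freshly registered names are where slopsquats land
MAX_EDIT_DISTANCE = 2    # names this close to a popular package are suspicious
AUDIT_DATE = date(2026, 1, 15)

# Constructed snapshot: name -> (first publish date, weekly downloads). Values are illustrative.
REGISTRY = {
    "requests": (date(2011, 2, 14), 300_000_000),
    "numpy": (date(2006, 12, 2), 250_000_000),
    "reqeusts": (date(2026, 1, 3), 12),          # hypothetical lookalike, registered recently
    "numpy-helpers-ai": (date(2026, 1, 9), 3),   # hypothetical slopsquat-style name
}
POPULAR = sorted(n for n, (_, downloads) in REGISTRY.items() if downloads >= 1_000_000)


def edit_distance(a, b):
    """Classic Levenshtein distance (insert/delete/substitute, cost 1 each)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def vet_dependency(name, today=None):
    """Return a list of reasons to block the dependency; empty means it passed."""
    today = today or AUDIT_DATE
    if name not in REGISTRY:
        # A name the registry has never seen: a plausible hallucination, and one an
        # attacker could register tomorrow. Block rather than let install fail open.
        return ["not-in-registry"]
    first_seen, _downloads = REGISTRY[name]
    reasons = []
    if (today - first_seen).days < MIN_AGE_DAYS:
        reasons.append("younger-than-cooldown")
    for popular in POPULAR:
        if popular != name and edit_distance(name, popular) <= MAX_EDIT_DISTANCE:
            reasons.append(f"lookalike-of:{popular}")
    return reasons


def vet_manifest(names, today=None):
    """Map each blocked dependency name to its reasons; clean names are omitted."""
    verdicts = {n: vet_dependency(n, today) for n in names}
    return {n: reasons for n, reasons in verdicts.items() if reasons}


if __name__ == "__main__":
    proposed = ["requests", "reqeusts", "numpy-helpers-ai", "flask-ai-toolkit"]
    for name, reasons in vet_manifest(proposed).items():
        print(f"BLOCK {name}: {', '.join(reasons)}")
```

The important design choice is failing closed on "not-in-registry": a package manager treats an unknown name as an install error and moves on, but a policy gate should record it, because the same hallucinated name showing up across several developers' manifests is exactly the signal an attacker is looking for when choosing what to register.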

For broader context on the trends above, see our cyber attack statistics and ransomware statistics roundups.

How swif.ai helps

swif.ai gives IT and security teams a single console to enforce device, identity, and compliance controls across the macOS, Windows, and Linux endpoints behind the numbers above. Explore swif.ai unified endpoint management to see how it works.