According to the World Economic Report on Cybersecurity Risks of 2025, 54% of large organisations identified supply chain challenges as the biggest barrier to achieving cyber resilience. The increasing complexity of supply chains, coupled with a lack of visibility and oversight into the security levels of suppliers, has emerged as the leading cybersecurity risk for organisations. Key concerns include software vulnerabilities introduced by third parties and the propagation of cyberattacks throughout the ecosystem.
“Cybersecurity has been a top priority of the ECIA’s Global Industry Practices Committee (GIPC) since its inception,” explained Christine Wolnik, ECIA’s Vice President of Industry Practices. “ECIA members – who represent the electronic component authorised channel – have been entrusted by their customers with the security and authenticity of the components used for the electronics critical to modern life. The GIPC works tirelessly to make that supply chain more efficient and secure. To that end we publish documents, recommend best practices and educate our members and the industry on how to manage cybersecurity risks.”
But the advent of large language model (LLM) tools like ChatGPT has added a new dimension of urgency to their ongoing efforts.
“AI is moving faster than your company can adapt,” explained one of GIPC’s Cybersecurity subject matter experts, Patrick Dunphy, who is Omron Management Centre of America’s Head of Cybersecurity. “You need to be an enabling force for your staff to leverage these tools to create products, enhance marketing, improve productivity but still protect your data. If your company isn’t testing AI across many different business functions (including security operations), you may already be behind.”
Earlier this year, ECIA published a revision to its core Cybersecurity Advisory, which outlines the four key areas of awareness for executives with international operations. Those key areas are:
- Cyber threats in foreign locations, which become more complex due to differing laws, languages, and customs. Some threats are more prominent than others depending on the country and may require different approaches and strategies to address them adequately
- International laws. Operating in foreign countries necessitates understanding applicable laws and regulations, such as the EU’s GDPR, China’s Cyber Security Law, China’s Data Protection Law (PIPL) or the US California laws (CCPA and CPRA). The engagement of a dedicated internal compliance team or external counsel specialising in international cyber security laws is vital to ensure alignment of your policies and procedures
- An international response plan and scheduled tests. In managing cyber threats, the identification and prevention of threats are critical. Equally crucial are swift and accurate detection, response, and recovery from threats
- Allocating resources to protect international operations. Determining the appropriate level of cybersecurity investment involves considering multiple factors, including assessing IT spend compared to industry benchmarks
How AI has changed the game
Regulation of AI and LLMs is an emerging area. Rules, including those addressing considerations that are directly or indirectly relevant to the cybersecurity threats noted above, are still being developed in response to rapid technological advancements, and they may vary from country to country.
“AI poses a significant challenge for global organisations due to rapidly evolving regulations. While some foundational rules offer guidance, delivering AI value must be done responsibly – strictly adhering to compliance requirements specific to each state, country, and region,” commented Richard B. Smith, Cybersecurity Manager, Panduit. “Depending on the locality, your organisation and your customers may have vastly different regulatory constraints. Regardless, regulatory alignment is not optional; it’s essential to mitigate risk and maintain trust.”
But that’s not the only challenge arising from the widespread use of these new technologies. “At the same time,” Dunphy continued, “attackers are using AI to impersonate your executives in phone calls, Teams meetings, and other rapid enhancements to commit fraud against your customers and your company. How are you teaching them to detect, respond to, and report these incidents?”
Fraud, theft, data breaches, and ransomware attacks are much easier for bad actors
The risks to the organisation and, indeed, to the executives themselves are very real. These include fraud and theft from within the company, as in the case of the North Korean IT workers infiltrating companies in the US and other countries by posing as remote workers using fake or stolen identities; data breaches, which can lead to job losses and even bankruptcy, as in the case of National Public Data; and vulnerabilities from cybercriminals.
Ransomware attacks remained the top organisational cyber risk year on year, with 45% of respondents in the World Economic Forum report cited above ranking it as a top concern in this year’s survey. According to leaders at the Annual Meeting on Cybersecurity 2024, significant innovations in ransomware attacks should be expected. This is compounded by the continued adoption of Ransomware-as-a-Service (RaaS), entrenching the commoditisation of the ransomware model.
“GenAI tools are reshaping the cybercrime landscape by enabling criminals to refine their methods, and automate and personalise their techniques,” the report continues. “With 47% of organisations citing their top concern surrounding GenAI as the advance of adversarial capabilities, cybercriminals are harnessing the efficiency of AI to automate and personalise deceptive communications.”
Creating, maintaining, and implementing a well-constructed cybersecurity program must be a top priority for strategic planning for 2026. When 2025 began, few executives expected the level of geopolitical disruption that has unfolded. While there are many issues that clamor for the executive’s mindshare, cybersecurity must not be allowed to fall off the radar.
ECIA recommends executives:
- Create a Generative AI task force within your company to identify key value activities, governance, and cybersecurity
- Start training your staff to identify GenAI voice and other cyber attacks now
ECIA is developing a platform for members to exchange information and receive timely updates. This is projected to launch later this fall.
“And at the core of cybersecurity is good data and processes,” added ECIA’s Wolnik. “If your corporate data is bad, your AI models will do more harm than good. The time to start is now.”
Authors:
Richard B. Smith, Cybersecurity Manager, Panduit
Patrick Dunphy, Omron Management Centre of America’s Head of Cybersecurity
Christine Wolnik, ECIA’s Vice President of Industry Practices
This article originally appeared in the Sept/Oct issue of Procurement Pro.

