Middle East Faces Supply Chain Cyber Risk as Skills Gap Strains Defenses
A new Kaspersky study says understaffed security teams, competing priorities and weak contractor obligations are leaving many organizations in the Middle East exposed to supply chain and trusted-relationship attacks
According to a Kaspersky press release published on March 23, a shortage of qualified cybersecurity professionals is among the main obstacles preventing organizations in the Middle East from effectively tackling supply chain and trusted-relationship risks. In the regional findings, 44% of respondents cited the lack of qualified IT security staff, while 42% pointed to the challenge of prioritizing multiple security tasks at once.
Kaspersky found that 83% of businesses believe they need stronger protection against supply chain and trusted-relationship risks, yet only 17% consider their current defenses effective.
As reported by Kaspersky, the problem comes at a time when supply chain attacks have become one of the most serious threats facing businesses. The company said every third organization globally was hit by such an attack over the past year, underscoring how third-party weaknesses can open the door to broader compromise across connected business ecosystems.
The study also found additional structural weaknesses in the Middle East. Some 34% of respondents said their contracts do not clearly define IT security obligations for contractors, while 35% said non-IT personnel often do not fully understand supply chain and trusted-relationship risks. Kaspersky said this combination of talent shortages, overstretched teams and limited internal awareness can leave critical vulnerabilities insufficiently monitored.
Globally, the gap between awareness and readiness appears significant. Kaspersky found that 83% of businesses believe they need stronger protection against supply chain and trusted-relationship risks, yet only 17% consider their current defenses effective. Even among the most widely used safeguards, adoption remains limited, with two-factor authentication used by 39% of respondents and regular contractor cybersecurity reviews carried out by 41%.
Kaspersky argued that organizations hit by these attacks tend to adopt stronger security habits afterward, but said a more proactive approach is needed. The company recommends managed security services, additional cybersecurity training, deeper supplier due diligence, stronger contractual security requirements and closer collaboration with partners to reduce exposure across the supply chain.
