47% of retail executives reported having very low to moderate visibility into their software supply chain.

73% of security leaders reported receiving at least one notification of a software supply chain vulnerability or incident within the past year.

In Latin America, 50% say they are prepared for software supply chain attacks.

Despite high investment in enhanced software supply chain security, Europe ranks lowest at 23% in prioritizing engaging with software suppliers about security credentials

About half (49%) of companies say they lack the visibility to fully understand – or even identify – software supply chain risks.

80% of organizations with low visibility of their software supply chain view critical factors like custom code, commercial off-the-shelf software, and API integrations as "very risky" or "somewhat risky".

40% of CEOs believe that the biggest security risk the organization faces today is from the software supply chain, compared with 29% of CIOs and 27% of CTOs.

39% of CEOs say AI adoption presents a greater risk to the software supply chain.

57% of North American organizations say they are prepared for software supply chain attacks.

67% of European organizations are investing in enhanced software supply chain security, which is the highest of all regions.

In North America, the top three risks for organizations are third-party software distribution channels (49%), third-party risk management (48%), and unsupported software (48%).

80% of organizations that report very low visibility across the software supply chain have suffered a security breach in the past 12 months.

Only 25% of organizations plan to prioritize engaging with software suppliers about security credentials in the next 12 months.

Only 23% of organizations are confident that they have very high visibility of their software supply chain.

The 6% of organizations with "very high visibility" of their software supply chain are a stark contrast to the 80% with "very low visibility" who suffered a breach.

In Europe, 51% of organizations say they are prepared for software supply chain attacks.

44% of organizations in APAC say they are prepared for software supply chain attacks.

19% of CISOs cited software supply chains as posing significant threats to security.