Singapore maintains one of the strongest levels of third-party cyber risk maturity worldwide, yet organisations continue to face escalating supply-chain threats, according to new findings from BlueVoyant’s latest State of Supply Chain Defence Report. The study highlights that even the most mature programmes are struggling to keep pace with growing vendor ecosystems and an expanding attack surface.
Strong maturity but rising breaches
BlueVoyant reports that 60 per cent of organisations in Singapore have established or optimised third-party risk management (TPRM) programmes. This places the country ahead of its regional peers and ahead of historically mature markets such as the United States. The results reinforce Singapore’s position as a global benchmark for TPRM sophistication, supported by strong industry participation and government-backed cybersecurity initiatives.
Despite this maturity, exposure to vendor-related breaches remains high. Ninety-three per cent of organisations surveyed experienced negative impacts from a supply-chain cyber incident, up from 70 per cent in 2024. BlueVoyant suggests that this rise may be driven by both a greater volume of attacks and improved detection capabilities. Almost half of the respondents reported between two and five third-party breaches in the past year, while over a third experienced at least one.
William Oh, Head of Asia Pacific at BlueVoyant, said Singapore’s leadership in technology and risk governance continues to set it apart, but added that higher maturity does not equate to immunity. “But this year’s findings show that maturity alone doesn’t guarantee protection. Even with the country’s proactive approach, strong frameworks and sustained government–industry collaboration, more than 56% of organisations experienced multiple third-party breaches. The challenge has shifted from building these programs to ensuring they operate effectively day-to-day amid expanding vendor ecosystems.”
Executive oversight and investment trends
Leadership involvement appears to be a defining feature of successful TPRM programmes in Singapore. The study found that 32 per cent of organisations brief senior executives monthly or more, helping align risk strategies with operational demands and enabling faster responses during cybersecurity incidents.
Investment in third-party cyber risk capabilities is also accelerating. Nearly all organisations surveyed expect to increase TPRM spending over the next 12 months, up from 90 per cent the previous year. Outsourcing is becoming more common, with 45 per cent of organisations engaging external partners to analyse data and monitor vendor-related risks. As supply chains grow more complex, more firms are relying on specialist expertise to manage remediation and work with vendors on migration plans.
Oh added that the shift requires deeper integration of cyber risk into everyday business functions. “As supply chains grow more complex, tools and collaboration aren’t enough on their own. Organisations need continuous visibility into vendor risk and leadership engagement that drives real accountability. We’re seeing increased investment and strong momentum behind AI adoption, but the biggest gains come when third-party cyber risk becomes part of everyday business decisions, not just a compliance exercise. That’s where Singapore’s most mature organisations are pulling ahead.”
AI adoption gains momentum
Automation is emerging as a critical enabler for future TPRM strategies. Sixty-four per cent of respondents said AI is the most suitable technology for continuous monitoring in the coming year, reflecting a growing demand for real-time visibility as supply-chain networks expand. Two-thirds of organisations expect their third-party ecosystems to grow by 6 to 15 per cent, further amplifying the need for scalable risk-management tools.
The study notes that AI will play a central role in maintaining oversight as organisations diversify their vendor portfolios. With more firms outsourcing tasks such as remediation and vendor coordination, the ability to track risks at speed and scale is becoming increasingly important.



