Third-party supply chain attacks are the second most-cited cybersecurity risk for chief information security officers out of 350 different risks, second only to ransomware attacks.