Are New Trade Policies Driving More Supply Chain Risk?
Coming into 2025, companies were concerned with some mainstay supply chain risks, plus others that were emerging. This “new normal” environment isn’t expected to change much in the near future, but the introduction of new trade policies, and the flip-flopping that has followed, has added a new category of risk to chief supply chain officers’ plates: trade policy risk.
A new World Economic Forum report entitled “How trade policies are expanding supply chain cyber risks” takes a deep dive into the topic. Written by the Information Security Forum’s Steve Durbin, the piece highlights how trade uncertainties are the top business challenge for 73% of organizations right now (according to the latest National Association of Manufacturers’ outlook survey). It also looks at how trade uncertainties amplify cyber risks and at the increase in supply chain cyber incidents.
“Businesses need to fortify their cyber resilience against such disruptions and potential attacks. Tariffs—even the threat of escalating tariffs—can induce volatile demand and supply, negatively affecting supply chains and triggering disruptions in trade,” Durbin writes. “They force organizations to reevaluate their trade relationships, consider reshoring, nearshoring, friendshoring or hiring new suppliers.”
The Threat is Real
The supply chain cybersecurity threat is real: According to ReversingLabs’ 2025 Software Supply Chain Security Report, supply chains have become a popular target for malicious actors, including cybercriminal groups and nation-state hackers. The report says the rapid embrace of artificial intelligence (AI) and machine learning by both enterprises and software producers is introducing new supply chain risks to those organizations.
“Software supply chain attacks got more sophisticated in 2024 as malicious actors launched attacks on the build pipelines of prominent open-source projects, singled out AI and machine-learning software supply chains, and took advantage of epidemic, exploitable flaws in black-box, commercial software binaries,” ReversingLabs says, noting that AI’s explosive growth and the growing reliance of software development organizations on AI-generated code was accompanied by increased AI and ML supply chain cyberthreats, as malicious actors looked to infiltrate widely used AI ecosystems.
One Big Ecosystem
Cybersecurity and trade policy are closely intertwined. For example, tariffs directly affect raw material costs and may force organizations to reassess their procurement strategies. This, in turn, opens the door to even more risk and vulnerability, particularly when supplier selection decisions are made quickly and under duress.
Here’s how it works:
- To avoid overdependence on one region or supplier, organizations onboard new, untested suppliers while bypassing adequate security screening.
- A dispersed supply chain with diverse and less secure suppliers is more vulnerable to disruptions and threats.
- Extending supply chains to new suppliers or logistics providers creates even more entry points for attackers, raising the specter of breaches.
Durbin says another potential risk is directly related to the current instability in global trade, which prompts companies to reconsider long-term investments. “Rather than expanding the existing infrastructure to accommodate new business opportunities, organizations redirect funds towards emergency purchasing and sourcing adjustments,” he writes. “Critical system and security upgrades are deferred, leaving unpatched security gaps.”
Steps to Take Now
So what can companies do to reduce the risk associated with the current trade uncertainty? Durbin says some good first steps include using a zero-trust model to block unauthorized access from compromised vendors; enforcing strong access controls; using systems that predict breaches in supplier networks before the problems escalate; and using cybersecurity awareness training to minimize human-induced security threats in supply chains.
“To sustain operations in such volatile trade conditions, global supply chains need cyber resilience, centered on rapid response and recovery efforts,” he concludes, “ensuring the continuity of the supply chain even amid cyberattacks.”