Supply chain attacks: The biggest cyber threat of 2025 and its impact on the stock market

The Hertz cyber incident this week is just the latest in a long chain of sophisticated cyber attacks exploiting the ultimate vulnerability of large organizations — their suppliers. The phenomenon of "supply chain attacks" is not new, but in the last two years it has gained alarming momentum, with devastating economic consequences.

In the Hertz case, the Russian ransomware gang Clop did not directly attack the car rental giant, but rather the file management service provider Cleo Communications, thus gaining indirect access to sensitive customer information. The ransomware gang exploited a previously unknown security vulnerability in Cleo's software. This is a brilliant strategy from the hackers' perspective — instead of dealing with the sophisticated cyber defenses of a large corporation, they find the weakest link in the chain.

Recent studies in the field of information security show that the vast majority of large organizations worldwide expose sensitive information to vendors and business partners, with only some conducting comprehensive security assessments of those suppliers. In a world where technology giants use thousands of suppliers, this creates an enormous breach in organizational security.

The stock market implications are immediate. The 2.5% drop in Hertz's stock is just the beginning. While markets focus on President Trump's disruptive statements and economic policies, cyber attacks are becoming a critical risk factor that does not receive sufficient attention. Unlike presidential statements whose effects may dissipate within days, cyber incidents leave long-term scars on company value. Experience shows that companies experiencing a significant cyber incident may suffer a considerable drop in stock value in the short term, but the true impact is revealed in the long run — damage to reputation, loss of customer trust, and recovery costs amounting to very high sums.

Smart investors are beginning to understand that cyber resilience is not just a technological issue but a genuine financial metric. Companies investing in securing their supply chain create a significant competitive advantage and can save themselves enormous losses. Conversely, companies neglecting this aspect risk severe damage to their stock price.

The real challenge is that most boards still perceive cybersecurity as an expense item rather than a strategic investment. Organizations that understand that protecting the supply chain is essentially protecting share value will be the ones to survive in an era of increasing cyber attacks.

The conclusion for investors is clear — examine not only the financial reports but also the level of digital security of the companies in which you invest, especially how they manage risks in their supply chain. In the coming quarters, this may be the most reliable indicator of a company's financial resilience.

Ron Meyran is the VP of Cyber Threat Intelligence at Radware.

.5% drop in Hertz's stock is just the beginning. While markets focus on President Trump's disruptive statements and economic policies, cyber attacks are becoming a critical risk factor that does not receive sufficient attention. Unlike presidential statements whose effects may dissipate within days, cyber incidents leave long-term scars on company value. Experience shows that companies experiencing a significant cyber incident may suffer a considerable drop in stock value in the short term, but the true impact is revealed in the long run — damage to reputation, loss of customer trust, and recovery costs amounting to very high sums.

Smart investors are beginning to understand that cyber resilience is not just a technological issue but a genuine financial metric. Companies investing in securing their supply chain create a significant competitive advantage and can save themselves enormous losses. Conversely, companies neglecting this aspect risk severe damage to their stock price.

The real challenge is that most boards still perceive cybersecurity as an expense item rather than a strategic investment. Organizations that understand that protecting the supply chain is essentially protecting share value will be the ones to survive in an era of increasing cyber attacks.

The conclusion for investors is clear — examine not only the financial reports but also the level of digital security of the companies in which you invest, especially how they manage risks in their supply chain. In the coming quarters, this may be the most reliable indicator of a company's financial resilience.

Ron Meyran is the VP of Cyber Threat Intelligence at Radware.