Companies should take three steps to address vulnerabilities that can lead to supply chain cyberattacks, says a new Harvard Business Review article by researchers at the Centre for Risk Studies at Cambridge Judge Business School.

Most software products rely on prewritten third-party software supply chain components produced by vendors or taken from open source libraries, and an attack on these components by cyber criminals could compromise thousands or even millions of firms worldwide, the authors say.