As technological advances continue to increase the speed and scope at which business can be done across industries, they are also empowering bad actors to create new problems – and dire threats – in those same spaces. Even the most robust and best-resourced cybersecurity teams can’t account for every threat in an age of exploding artificial intelligence and automation capabilities.
Because the overall surface area of vulnerability is rapidly expanding at the same time that cyber criminals are gaining greater access to tech tools that can be weaponized, attacks are at an all-time high – and are only expected to grow. Increasingly, supply chains in particular have been the target of choice for cyber criminals.
Digital integration has created new and numerous access points for breaches and hacks, and supercharged tech has equipped bad actors to attack more easily and often. Frequently, malware and Trojan Horse intrusions are planted with vendors and third-party partners as a means to target larger businesses that otherwise may be difficult to attack directly.
The result: Organizations operate in a state of hypervigilance. Cybersecurity teams flag every risk signal. Piles of resources are exhausted sifting through countless nominal threats, sometimes distracting from a greater cyber danger.
This has culminated in widespread alert fatigue, desensitizing security teams to the emergence of true threats. How, then, is a business supposed to protect itself not only from cyber attacks on its systems and those of its supply chain partners but also prevent the seemingly inevitable alert fatigue that comes with those protection efforts?
Recognizing the Threat: Cyberattacks by the Numbers
There’s a tension between the general threat of cyberattacks and businesses’ ability to recognize and respond to it. There is no doubting the reality of the risk: Cyberattacks have spiked sharply in recent years – and that trend is only projected by experts to continue in the foreseeable future.
In 2000, the U.S. Internet Crime Complaint Center (IC3) website received about 16,840 complaints of cybercrime, according to Statista. By 2017, that number hit roughly 301,580. And in the seven years that followed, the figure nearly tripled, with IC3 receiving around 859,530 reported complaints in 2024.
One estimate projects that cybercrime will increase from over 10 trillion U.S. dollars in 2025 to approximately 16 trillion by 2029. Meanwhile, according to an Intel 471 report, supply chain vendors are being hit hardest by ransomware attacks. The report also notes that, due to the expected ongoing threat from the Qilin RaaS program and other extortion groups, as well as a shift in legislation, will likely prompt bad actors to develop new pressure strategies and tools.
Cybersecurity teams will have to act quickly and adapt accordingly.
At the same time, there is a danger in businesses failing to identify the most prominent cyber threats – and, specifically, in treating every perceived threat equally. Of the more than 48,000 Common Vulnerabilities and Exposures (CVEs) recorded in 2025, only 58 of them were identified as real threats (or 0.12 percent). If companies are compelled to react to exponentially more potential cyber incidents than there are legitimate threats, alert fatigue becomes a serious issue.
The Danger of Alert Fatigue When Tracking Cyber Threats
The core problem: Thousands of security threat alerts are coming at cybersecurity teams faster than they can check them. Most of these alerts that are labeled as potential threats are false positives, and as a result cyber teams are experiencing desensitization to urgent alerts amid the sheer number of inbounds they are receiving.
The trouble isn’t exactly the volume of CVEs, however, but rather the ability to identify those that pose a true threat. Artificial intelligence has empowered cyber criminals to launch exponentially more, and often more sophisticated, attacks that bog down security teams. And because many supply chains rely on external software, payment processors and logistics tech, third-party vendors frequently represent an organization’s biggest vulnerability.
That raises the security stakes for every organization that works with outside partners. A cyberattack doesn’t just steal data – it can stop shipments, shut down systems and create compliance headaches. In a hyper-connected supply chain, even one compromised partner can disrupt the entire flow. That makes cyber risk – not only that posed to a larger company but also (and perhaps especially) the risk faced by their partners – an operations risk.
How AI Is Hurting – and Helping
What may be driving alert fatigue above all else is the proliferation of artificial intelligence. AI is making it easier for bad actors to execute, iterate and increase the scale of cyber attacks. And the higher the threat volume and the more noise for organizational security teams, the more likely alert fatigue comes into play and mistakes get made.
But artificial intelligence – and specifically machine learning (ML) – is also perhaps the best hope for businesses to fight back against increasing cyber risk and alert fatigue. Machine learning can identify patterns and has the agency to make changes that can swiftly improve security systems without human intervention.
Complex, interconnected supply chains and the processing power of AI have helped create new and increasingly numerous opportunities for cyber criminals. An organization now has to strongly consider not only its own security systems and protocols but also those of its third-party partners. Vendors must be vetted for security, trained and equipped as necessary to prevent building a back door into tech stacks for threat actors.
Given the speed and scope of modern cyber attacks, businesses must lean into some of the same technology being used by those launching them. AI may represent the greatest challenge facing cybersecurity teams today, but it is also empowering organizations with the tools to cut through the clutter, identify true threats and quell alert fatigue.
