Most Firms Neglect Disaster Recovery Testing

An identity system failure can bring a fulfillment center to a complete standstill, halting order processing, creating inventory backlogs that take days to clear, and causing significant shipment delays that damage relationships with customers and suppliers. These identity systems are a primary target for wider supply chain attacks, which have become the most common cyberthreat faced by businesses. In 2025, a record 136 publicly disclosed third-party breaches cascaded to impact at least 719 named companies and an estimated 26,000 downstream victims. Attackers frequently exploit vulnerabilities in contractors and software vendors to bypass a primary company's defenses. Unauthorized network access and the use of stolen credentials were the root cause of more than half of all verified breaches in 2025. For tenants in logistics, the operational cost of such a breach is severe. A cyberattack on automotive giant Jaguar Land Rover in September 2025 forced a weeks-long production halt with an estimated cost of $2.5 billion, illustrating the extreme financial and operational risks within a complex supply chain. The failure to test recovery plans introduces significant financial and legal risk. Beyond the immediate revenue loss from downtime, companies may face regulatory fines for non-compliance with data protection laws like HIPAA and GDPR if their recovery plans are inadequate. Security experts recommend, at a minimum, a full-scale disaster recovery simulation once a year, with smaller, more frequent tests for mission-critical applications on a quarterly basis. This standard practice stands in stark contrast to the 75% of firms that fail to test their identity recovery plans adequately.