Supply chain security has escalated to a board-level concern, prompting organizations to reevaluate their resilience strategies. The European Cyber Resilience Act (CRA) has been a key driver, imposing fines of up to 2.5% of global turnover for non-compliance [1]. This shift is attributed to the increasing complexity of global supply chains, coupled with the widespread use of open-source software. As a result, Chief Security Officers (CSOs) must now consider the broader implications of supply chain vulnerabilities, beyond mere technical concerns. The CRA's stringent regulations have raised the stakes, making it imperative for organizations to prioritize supply chain security. This newfound attention matters to practitioners because it underscores the need for a proactive, board-level approach to mitigating risks and ensuring compliance; organizations without one face significant financial and reputational consequences.