#BHUSA: 99% of Global 2000 Firms Have Recently Breached Vendors
Virtually all (99%) of the world’s most profitable public companies have IT vendors that suffered a recent security breach, according to new data from SecurityScorecard.
The security vendor drew on its automatic vendor detection capability and in-house intelligence to compile the report, Global 2000: Industry Titans Battle the Beast of Supply Chain Cyber Risk. It covers breaches between Q4 2022 and Q1 2024.
The study claimed that 18,000 different technology and service products are directly used by the Global 2000 and supplied by over 8000 vendors, with the median figure at 361 products, supplied by 144 vendors.
Some 20% of vendors used by the Global 2000 have been breached in the past 15 months on average. Around 40% of Global 2000 firms have between 21 and 50 recently breached vendors, while 15% operate in third-party ecosystems that contain 50 or more vendors with known breaches.
A supplier breach doesn’t necessarily mean that the Global 2000 firm has been directly impacted. However, SecurityScorecard warned that supply chain incidents cost 17 times more to remediate and manage than first-party breaches.
The report also sounded the alarm over “concentration risk,” which arises when reliance on ubiquitous technologies creates massive single points of failure that can lead to widespread impacts.
For example, each of the eight most widely deployed vendors is used by at least 80% of Global 2000 companies. Meanwhile, 90% of Global 2000 firms provide products and services to other Global 2000 firms, compounding the risk, the report warned.
Estimated total losses from Global 2000 breaches ranged between $20bn and $80bn over the 15-month period.
“The world is only beginning to grasp the potential for chaos caused by concentration risk,” argued SecurityScorecard SVP of threat research and intelligence, Ryan Sherstobitoff.
“Understanding and managing your supply chain is critical to protect business continuity. It’s not just about preventing disruptions; it’s about safeguarding the very foundation of our interconnected economy.”
To mitigate supply chain risk, the firm urged companies to:
- Continuously monitor the external attack surface with automated scanning
- Identify single points of failure
- Automatically detect new vendors