SecurityScorecard Observes Surge in Third-Party Breaches

Cyber-attacks leveraging third-party vulnerabilities are on the rise, according to a new SecurityScorecard report.
The cyber risk assessment provider released its 2025 Global Third-Party Breach Report on March 26.
In the report, SecurityScorecard’s STRIKE Threat Intelligence Unit analyzed 1000 cyber breaches across industries and regions in 2024. It found that 35.5% of breaches were third-party related, up from 29% the previous year, representing a 6.5% increase.
Additionally, third-party breaches accounted for 41.4% of ransomware attacks in 2024, with Clop being the most prolific group that leveraged third-party access vectors.
Interestingly, the report observed that “only” 46.75% of 2024 third-party breaches involved technology products and services, a drop from last year’s 75%, suggesting a diversification of attack surfaces.
Ryan Sherstobitoff, SVP of SecurityScorecard’s STRIKE Threat Research and Intelligence, commented: “Threat actors are prioritizing third-party access for its scalability. Our research shows ransomware groups and state-sponsored attackers increasingly leveraging supply chains as entry points.”
Third-Party Breaches: Industry and Geographic Breakdown
The retail and hospitality sector was the most impacted, with the highest third-party breach rate (52.4%), followed by the technology industry (47.3%) and the energy and utilities industry (46.7%).
Additionally, the healthcare sector experienced the most third-party breaches (78), although it was less affected in proportion to its size, with 32.2% of breaches attributed to third-party intrusions.
Singapore-based organizations had the highest third-party breach rate (71.4%), followed by those in the Netherlands (70.4%) and Japan (60%). The US reported a lower rate (30.9%), falling 4.6% below the global average.
Third-Party Risk Mitigation Recommendations
Based on third-party breach patterns, SecurityScorecard offered recommendations for security teams:
- Match risk management to your organization’s risk profile
- Mitigate fourth-party risk by requiring vendors to maintain strong third-party risk management (TPRM) programs and include TPRM requirements in contracts
- Demand ‘secure by design’ technology
- Harden high-risk infrastructure, including file transfer software, cloud infrastructure, industry-specific services and VPNs, with prompt patching, multifactor authentication (MFA) and continuous security assessments
- Disrupt ransomware supply chains, notably by refusing to pay ransoms
“To stay ahead of these threats, security leaders must move from periodic vendor reviews to real-time monitoring to contain these risks before they escalate throughout their supply chain,” Sherstobitoff concluded.