SecurityScorecard’s 2025 Global Third-Party Breach Report has unveiled a significant rise in cyber attacks originating from third-party vendors, with 35.5% of all breaches in 2024 linked to these sources. The report, based on an analysis of 1,000 breaches across various industries and regions, underscores the growing threat posed by vendor-driven attacks.
The report identifies Singapore as having the highest third-party breach rate at 71.4%, followed by the Netherlands and Japan. Ryan Sherstobitoff, SVP of SecurityScorecard’s STRIKE Threat Research and Intelligence, noted, “Threat actors are prioritising third-party access for its scalability.”
Key findings indicate a shift in attack patterns, with 46.75% of third-party breaches involving technology products and services, down from 75% the previous year. This suggests a diversification of attack surfaces. The retail and hospitality sectors experienced the highest breach rates, whilst the healthcare sector reported the most breaches in total.
The report also highlights the role of ransomware, with 41.4% of such attacks now starting through third parties. The ransomware group C10p is identified as a prominent user of third-party access vectors.
SecurityScorecard recommends several strategies to mitigate these risks, including real-time monitoring of vendor relationships and demanding “secure by design” technology. The report stresses the importance of adapting security measures to industry-specific risks and enhancing vendor risk management programmes.
As cyber threats continue to evolve, organisations are urged to shift from periodic assessments to continuous monitoring to safeguard their supply chains effectively.
“`
This news story was carefully selected and published by a human editor, though the content itself was AI-generated. If you spot an error, please report it here.
