4.5% of breaches now extend to fourth parties

Security teams can no longer afford to treat third-party security as a compliance checkbox, according to SecurityScorecard. Traditional vendor risk assessments, conducted annually or quarterly, are too slow to detect active threats.

35.5% of all breaches in 2024 were third-party related, a 6.5% increase from 2023. This figure is likely conservative due to underreporting and misclassification. So while you’re updating your firewall rules, somewhere in your supply chain a vendor might be inadvertently letting in the very attackers you’ve been working to keep out.

46.75% of third-party breaches involved technology products and services, a drop from last year’s 75%, signaling a diversification of attack surfaces. File transfer software remained the top third-party breach enabler, with Cl0p exploiting vulnerabilities in Cleo software (CVE-2024-50623 and CVE-2024-55956) to launch large-scale attacks.

Cross-industry technology was four times more commonly exploited than industry-specific technology, reflecting the broad reach of supply chain risks. Retail and hospitality saw the highest third-party breach rate (52.4%), followed by the technology industry (47.3%) and the energy and utilities industry (46.7%).

4.5% of breaches now extend to fourth parties: a single breach triggers failures at multiple organizations.

Healthcare in the spotlight

The healthcare sector had the most third-party breaches (78) but a below-average rate (32.2%).

Healthcare suffers from the most breaches overall (242 incidents, 24.2% of all breaches), but a smaller percentage of these breaches involve third parties than the cross-industry average. This isn’t due to greater resilience against third-party attacks, but rather reflects the sheer volume of direct attacks targeting healthcare organizations.

A notable source of third-party risk comes not from external vendors but from within an organization’s own corporate family. The risk from subsidiaries and acquired companies represents a blind spot in many security programs. Subsidiaries and acquisitions account for 11.75% of third-party breaches globally.

Ransomware attacks are correlated with third-party breach vectors

There is a significant correlation between ransomware attacks and third-party breach vectors, suggesting that supply chain vulnerabilities are becoming increasingly central to ransomware operations. 41.4% of ransomware attacks now start through third parties.

Cl0p remains the most prolific group but saw its share decrease from 26% to 17% year-over-year. Despite this decline, Cl0p’s share remains more than twice that of the next most active group (17% vs. 8.2%). LockBit continues to hold second place despite law enforcement disruption.

Ransomware attacks represented a larger share of third-party breaches (34.6%) than of overall breaches (29.7%), a 4.9% difference.

Singapore (71.4%) had the highest third-party breach rate, followed by the Netherlands (70.4%) and Japan (60%). The US reported a lower rate (30.9%), falling 4.6% below the global average.

“Threat actors are prioritizing third-party access for its scalability. Our research shows ransomware groups and state-sponsored attackers increasingly leveraging supply chains as entry points. To stay ahead of these threats, security leaders must move from periodic vendor reviews to real-time monitoring to contain these risks before they escalate throughout their supply chain,” said Ryan Sherstobitoff, SVP of SecurityScorecard’s STRIKE Threat Research and Intelligence.

