
SecurityScorecard 2025 Global Third-Party Breach Report Reveals Surge in Vendor-Driven Attacks

NEW YORK--(BUSINESS WIRE)--SecurityScorecard today released the 2025 Global Third-Party Breach Report. Using the world’s largest proprietary risk and threat data set, SecurityScorecard’s STRIKE Threat Intelligence Unit analyzed 1,000 breaches across industries and regions to uncover key attack patterns, measure the impact of third-party security failures and identify the most commonly exploited vendor relationships.

Ryan Sherstobitoff, SVP of SecurityScorecard’s STRIKE Threat Research and Intelligence, said: "Threat actors are prioritizing third-party access for its scalability. Our research shows ransomware groups and state-sponsored attackers increasingly leveraging supply chains as entry points. To stay ahead of these threats, security leaders must move from periodic vendor reviews to real-time monitoring to contain these risks before they escalate throughout their supply chain."

Key Findings:

  • Surging Risk: 35.5% of all breaches in 2024 were third-party related. This figure is likely conservative due to underreporting and misclassification.
  • Tech Sector Shift: 46.75% of third-party breaches involved technology products and services, a drop from last year's 75%, signaling a diversification of attack surfaces.
  • Industry Impact: Retail & hospitality saw the highest third-party breach rate (52.4%), followed by the technology industry (47.3%) and the energy and utilities industry (46.7%).
  • Healthcare in the Spotlight: The healthcare sector had the most third-party breaches (78) but a below-average rate (32.2%).
  • Global Hotspots: Singapore (71.4%) had the highest third-party breach rate, followed by the Netherlands (70.4%) and Japan (60%). The U.S. reported a lower rate (30.9%), falling 4.6% below the global average.
  • Ransomware Connection: 41.4% of ransomware attacks now start through third parties. The ransomware group Cl0p stands out as the most prolific user of third-party access vectors.

Actionable Strategies to Reduce Third-Party Breach Risk

Based on third-party breach patterns, SecurityScorecard offers these targeted recommendations for security teams:

  • Match Risk Management to Your Risk Profile: Third-party risk varies by industry, geography, technology and organizational structure. Security strategies should be tailored to these factors for effective risk management.
  • Mitigate Fourth-Party Risk: Require vendors to maintain strong third-party risk management (TPRM) programs, include TPRM requirements in contracts and recognize that poor vendor security exposes your organization to fourth-party threats.
  • Demand "Secure by Design" Technology: Ensure security features are built-in, not optional. Strengthen procurement standards and support CISA’s Secure by Design initiative when selecting vendors.
  • Harden High-Risk Infrastructure: Prioritize protection of file transfer software, cloud infrastructure, industry-specific services and VPNs. Implement prompt patching, multi-factor authentication (MFA) and continuous security assessments.
  • Disrupt Ransomware Supply Chains: Paying ransoms fuels future attacks, creates legal risks and often fails to restore data. Strengthening defenses and refusing to pay ransoms protect both organizations and the broader security community.

For more in-depth analysis and to download the report, visit: securityscorecard.com/resource/global-third-party-breach-report

Methodology

The findings in this report are based on a multi-source analysis of open-source intelligence (OSINT), security research, lawsuits, corporate filings, government disclosures, mainstream news media and underground criminal forums. This breach sample came from SecurityScorecard's intelligence feed, which is used in SecurityScorecard’s SCDR platform to inform risk scoring and initiate incident response workflows.

Unlike other reports that rely solely on self-reported data, this study integrates real-world breach intelligence gathered by SecurityScorecard's STRIKE Threat Intelligence team. Most breaches in the sample were not third-party related—this was intentional to provide a broader comparison sample.

About SecurityScorecard

SecurityScorecard created Supply Chain Detection and Response (SCDR), transforming how organizations defend against the fastest-growing threat vector—supply chain attacks. Our industry-leading security ratings serve as the foundation and core strength, while SCDR continuously monitors third-party risks using our factor-based ratings, automated assessments and proprietary threat intelligence, to resolve threats before they become breaches. MAX enables response and remediation capability, working through our service partners to protect the entire supply chain ecosystem while strengthening operational resilience, enhancing third-party risk management and mitigating concentrated risk.

Trusted by over 3,000 organizations—including two-thirds of the Fortune 100—and recognized as a trusted resource by the U.S. Cybersecurity & Infrastructure Security Agency (CISA). Backed by Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, NGP, Intel Capital and Riverwood Capital, SecurityScorecard delivers end-to-end supply chain cybersecurity that safeguards business continuity.

Learn more at securityscorecard.com or follow us on LinkedIn.

Contacts

Media Contact
Allison Knight
10Fold for SecurityScorecard
securityscorecard@10fold.com
