SecurityScorecard 2025 Global Third-Party Breach Report reveals surge in vendor-driven attacks

SecurityScorecard released its latest findings in the 2025 Global Third-Party Breach Report, revealing that 35.5% of breaches in 2024 were related to third parties. The report analyzed 1,000 breaches across various industries and regions to identify attack patterns and assess the impact of security failures linked to vendor relationships. Ryan Sherstobitoff, Senior Vice President of SecurityScorecard’s STRIKE Threat Research and Intelligence, noted that threat actors increasingly exploit third-party access for their operations. The report suggests that organizations should prioritize real-time monitoring of vendors over periodic reviews to better manage risks associated with third-party access. Key findings highlight a decreasing focus on technology sector breaches, now accounting for 46.75% of third-party incidents, compared to 75% previously. Retail and hospitality industries reported the highest rates of third-party-related breaches, while healthcare, although reporting the most breaches, experienced below-average rates. The report also pinpoints global hotspots like Singapore and the Netherlands, which reported significantly higher breach rates than the United States.