SecurityScorecard 2025 Global Third-Party Breach Report reveals surge in vendor-driven attacks

SecurityScorecard released its 2025 Global Third-Party Breach Report, analyzing 1,000 breaches to highlight patterns in third-party vulnerabilities. The report found that 35.5% of all breaches in 2024 were related to third parties. It noted a significant decrease in third-party breaches within the technology sector, dropping from 75% last year to 46.75%. The retail and hospitality industries reported the highest breach rates at 52.4%, followed closely by technology at 47.3% and energy at 46.7%.

Ryan Sherstobitoff, Senior VP of SecurityScorecard’s STRIKE Threat Research, stated, “Threat actors are prioritizing third-party access for its scalability. Our research shows ransomware groups and state-sponsored attackers increasingly leveraging supply chains as entry points.” He emphasized the need for security leaders to shift from periodic vendor assessments to real-time monitoring to address these growing risks.

The report also identified geographical hotspots for breaches, with Singapore reporting 71.4% of breaches linked to third parties, while the U.S. had a lower rate of 30.9%. Additionally, it revealed that 41.4% of ransomware attacks now initiate through third-party channels.

The report's suggested strategies for mitigating these risks include matching Third-Party Risk Management (TPRM) efforts to specific organizational profiles, enhancing vendor security requirements, and implementing built-in security measures in technology procurement.

To access the full report, visit SecurityScorecard’s website.